From 9d0dc89b03d4e3f50d54d1189a119016b2c805c3 Mon Sep 17 00:00:00 2001
From: "Endi S. Dewata" <edewata@redhat.com>
Date: Tue, 11 Jan 2011 20:31:09 +0700
Subject: Renamed hbac to hbacrule.

All references to hbac in the UI have been replaced with hbacrule.
This is to match the hbacrule plugin. The test data and templates
have been renamed as well.
---
 install/static/Makefile.am                         |   2 +-
 install/static/hbac.js                             | 984 ---------------------
 install/static/hbacrule.js                         | 984 +++++++++++++++++++++
 install/static/index.html                          |   2 +-
 install/static/layouts/default/Makefile.am         |  12 +-
 .../layouts/default/hbac-details-accesstime.html   |  49 -
 .../layouts/default/hbac-details-general.html      |  57 --
 .../static/layouts/default/hbac-details-host.html  |  78 --
 .../layouts/default/hbac-details-service.html      |  78 --
 .../layouts/default/hbac-details-sourcehost.html   |  78 --
 .../static/layouts/default/hbac-details-user.html  |  78 --
 .../default/hbacrule-details-accesstime.html       |  49 +
 .../layouts/default/hbacrule-details-general.html  |  57 ++
 .../layouts/default/hbacrule-details-host.html     |  78 ++
 .../layouts/default/hbacrule-details-service.html  |  78 ++
 .../default/hbacrule-details-sourcehost.html       |  78 ++
 .../layouts/default/hbacrule-details-user.html     |  78 ++
 install/static/test/data/hbac_add.json             |  27 -
 install/static/test/data/hbac_add_accesstime.json  |   7 -
 install/static/test/data/hbac_add_host.json        |  56 --
 install/static/test/data/hbac_add_service.json     |  56 --
 install/static/test/data/hbac_add_sourcehost.json  |  56 --
 install/static/test/data/hbac_add_user.json        |  56 --
 install/static/test/data/hbac_del.json             |   9 -
 install/static/test/data/hbac_find.json            |  54 --
 install/static/test/data/hbac_mod.json             |  60 --
 .../static/test/data/hbac_remove_accesstime.json   |   7 -
 install/static/test/data/hbac_remove_host.json     |  50 --
 install/static/test/data/hbac_remove_service.json  |  49 -
 .../static/test/data/hbac_remove_sourcehost.json   |  50 --
 install/static/test/data/hbac_remove_user.json     |  48 -
 install/static/test/data/hbac_show.json            |  76 --
 install/static/test/data/hbacrule_add.json         |  27 +
 .../static/test/data/hbacrule_add_accesstime.json  |   7 +
 install/static/test/data/hbacrule_add_host.json    |  56 ++
 install/static/test/data/hbacrule_add_service.json |  56 ++
 .../static/test/data/hbacrule_add_sourcehost.json  |  56 ++
 install/static/test/data/hbacrule_add_user.json    |  56 ++
 install/static/test/data/hbacrule_del.json         |   9 +
 install/static/test/data/hbacrule_find.json        |  54 ++
 install/static/test/data/hbacrule_mod.json         |  60 ++
 .../test/data/hbacrule_remove_accesstime.json      |   7 +
 install/static/test/data/hbacrule_remove_host.json |  50 ++
 .../static/test/data/hbacrule_remove_service.json  |  49 +
 .../test/data/hbacrule_remove_sourcehost.json      |  50 ++
 install/static/test/data/hbacrule_remove_user.json |  48 +
 install/static/test/data/hbacrule_show.json        |  76 ++
 install/static/test/data/ipa_init.json             |   8 +-
 install/static/webui.js                            |   2 +-
 49 files changed, 2076 insertions(+), 2076 deletions(-)
 delete mode 100755 install/static/hbac.js
 create mode 100755 install/static/hbacrule.js
 delete mode 100755 install/static/layouts/default/hbac-details-accesstime.html
 delete mode 100755 install/static/layouts/default/hbac-details-general.html
 delete mode 100755 install/static/layouts/default/hbac-details-host.html
 delete mode 100755 install/static/layouts/default/hbac-details-service.html
 delete mode 100755 install/static/layouts/default/hbac-details-sourcehost.html
 delete mode 100755 install/static/layouts/default/hbac-details-user.html
 create mode 100755 install/static/layouts/default/hbacrule-details-accesstime.html
 create mode 100755 install/static/layouts/default/hbacrule-details-general.html
 create mode 100755 install/static/layouts/default/hbacrule-details-host.html
 create mode 100755 install/static/layouts/default/hbacrule-details-service.html
 create mode 100755 install/static/layouts/default/hbacrule-details-sourcehost.html
 create mode 100755 install/static/layouts/default/hbacrule-details-user.html
 delete mode 100644 install/static/test/data/hbac_add.json
 delete mode 100644 install/static/test/data/hbac_add_accesstime.json
 delete mode 100644 install/static/test/data/hbac_add_host.json
 delete mode 100644 install/static/test/data/hbac_add_service.json
 delete mode 100644 install/static/test/data/hbac_add_sourcehost.json
 delete mode 100644 install/static/test/data/hbac_add_user.json
 delete mode 100644 install/static/test/data/hbac_del.json
 delete mode 100644 install/static/test/data/hbac_find.json
 delete mode 100644 install/static/test/data/hbac_mod.json
 delete mode 100644 install/static/test/data/hbac_remove_accesstime.json
 delete mode 100644 install/static/test/data/hbac_remove_host.json
 delete mode 100644 install/static/test/data/hbac_remove_service.json
 delete mode 100644 install/static/test/data/hbac_remove_sourcehost.json
 delete mode 100644 install/static/test/data/hbac_remove_user.json
 delete mode 100644 install/static/test/data/hbac_show.json
 create mode 100644 install/static/test/data/hbacrule_add.json
 create mode 100644 install/static/test/data/hbacrule_add_accesstime.json
 create mode 100644 install/static/test/data/hbacrule_add_host.json
 create mode 100644 install/static/test/data/hbacrule_add_service.json
 create mode 100644 install/static/test/data/hbacrule_add_sourcehost.json
 create mode 100644 install/static/test/data/hbacrule_add_user.json
 create mode 100644 install/static/test/data/hbacrule_del.json
 create mode 100644 install/static/test/data/hbacrule_find.json
 create mode 100644 install/static/test/data/hbacrule_mod.json
 create mode 100644 install/static/test/data/hbacrule_remove_accesstime.json
 create mode 100644 install/static/test/data/hbacrule_remove_host.json
 create mode 100644 install/static/test/data/hbacrule_remove_service.json
 create mode 100644 install/static/test/data/hbacrule_remove_sourcehost.json
 create mode 100644 install/static/test/data/hbacrule_remove_user.json
 create mode 100644 install/static/test/data/hbacrule_show.json

diff --git a/install/static/Makefile.am b/install/static/Makefile.am
index 5c88d780..a539eb8b 100644
--- a/install/static/Makefile.am
+++ b/install/static/Makefile.am
@@ -21,7 +21,7 @@ app_DATA =                              \
 	jquery-ui.css			\
 	certificate.js 			\
 	group.js 			\
-	hbac.js 			\
+	hbacrule.js 			\
 	hbacsvc.js 			\
 	hbacsvcgroup.js 		\
 	host.js 			\
diff --git a/install/static/hbac.js b/install/static/hbac.js
deleted file mode 100755
index 264b7c5a..00000000
--- a/install/static/hbac.js
+++ /dev/null
@@ -1,984 +0,0 @@
-/*  Authors:
- *    Endi Sukma Dewata <edewata@redhat.com>
- *
- * Copyright (C) 2010 Red Hat
- * see file 'COPYING' for use and warranty information
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program.  If not, see <http://www.gnu.org/licenses/>.
- */
-
-/* REQUIRES: ipa.js, details.js, search.js, add.js, entity.js */
-
-function ipa_hbac() {
-
-    var that = ipa_entity({
-        'name': 'hbac'
-    });
-
-    that.init = function() {
-
-        var dialog = ipa_hbac_add_dialog({
-            'name': 'add',
-            'title': 'Add New Rule'
-        });
-        that.add_dialog(dialog);
-        dialog.init();
-
-        var facet = ipa_hbac_search_facet({
-            'name': 'search',
-            'label': 'Search'
-        });
-        that.add_facet(facet);
-
-        facet = ipa_hbac_details_facet({
-            'name': 'details',
-            'label': 'Details'
-        });
-        that.add_facet(facet);
-
-        that.entity_init();
-    };
-
-    return that;
-}
-
-IPA.add_entity(ipa_hbac());
-
-function ipa_hbac_add_dialog(spec) {
-
-    spec = spec || {};
-
-    var that = ipa_add_dialog(spec);
-
-    that.init = function() {
-
-        that.add_field(ipa_text_widget({
-            'name': 'cn',
-            'undo': false
-        }));
-
-        that.add_field(ipa_radio_widget({
-            'name': 'accessruletype',
-            'options': [
-                { 'value': 'allow', 'label': 'Allow' },
-                { 'value': 'deny', 'label': 'Deny' }
-            ],
-            'undo': false
-        }));
-
-        that.add_dialog_init();
-    };
-
-    return that;
-}
-
-function ipa_hbac_search_facet(spec) {
-
-    spec = spec || {};
-
-    var that = ipa_search_facet(spec);
-
-    that.init = function() {
-
-        that.create_column({name:'cn'});
-        that.create_column({name:'usercategory'});
-        that.create_column({name:'hostcategory'});
-        that.create_column({name:'ipaenabledflag'});
-        that.create_column({name:'servicecategory'});
-        that.create_column({name:'sourcehostcategory'});
-
-        that.search_facet_init();
-    };
-
-    that.create = function(container) {
-
-/*
-        // Not yet implemented
-
-        var left_buttons = $('<span/>', {
-            'style': 'float: left;'
-        }).appendTo(container);
-
-        left_buttons.append(ipa_button({
-            'label': 'Troubleshoot Rules'
-        }));
-
-        left_buttons.append(ipa_button({
-            'label': 'Cull Disabled Rules'
-        }));
-*/
-
-        that.search_facet_create(container);
-
-    };
-
-    return that;
-}
-
-function ipa_hbac_details_facet(spec) {
-
-    spec = spec || {};
-
-    var that = ipa_details_facet(spec);
-
-    that.init = function() {
-
-        var section;
-
-        if (IPA.layout) {
-            section = that.create_section({
-                'name': 'general',
-                'label': 'General',
-                'template': 'hbac-details-general.html #contents'
-            });
-
-        } else {
-            section = ipa_hbac_details_general_section({
-                'name': 'general',
-                'label': 'General'
-            });
-            that.add_section(section);
-        }
-
-        section.create_text({ 'name': 'cn', 'label': 'Name', 'read_only': true });
-        section.create_radio({ 'name': 'accessruletype', 'label': 'Rule Type' });
-        section.create_textarea({ 'name': 'description', 'label': 'Description' });
-        section.create_radio({ 'name': 'ipaenabledflag', 'label': 'Enabled' });
-
-        if (IPA.layout) {
-            section = that.create_section({
-                'name': 'user',
-                'label': 'Who',
-                'template': 'hbac-details-user.html #contents'
-            });
-
-        } else {
-            section = ipa_rule_details_section({
-                'name': 'user',
-                'label': 'Who',
-                'text': 'Rule applies when access is requested by:',
-                'field_name': 'usercategory',
-                'options': [
-                    { 'value': 'all', 'label': 'Anyone' },
-                    { 'value': '', 'label': 'Specified Users and Groups' }
-                ],
-                'tables': [
-                    { 'field_name': 'memberuser_user' },
-                    { 'field_name': 'memberuser_group' }
-                ]
-            });
-            that.add_section(section);
-        }
-
-        var category = section.create_radio({ name: 'usercategory', label: 'User category' });
-        section.add_field(ipa_rule_association_table_widget({
-            'id': that.entity_name+'-memberuser_user',
-            'name': 'memberuser_user', 'label': 'Users', 'category': category,
-            'other_entity': 'user', 'add_method': 'add_user', 'remove_method': 'remove_user'
-        }));
-        section.add_field(ipa_rule_association_table_widget({
-            'id': that.entity_name+'-memberuser_group',
-            'name': 'memberuser_group', 'label': 'Groups', 'category': category,
-            'other_entity': 'group', 'add_method': 'add_user', 'remove_method': 'remove_user'
-        }));
-
-        if (IPA.layout) {
-            section = that.create_section({
-                'name': 'host',
-                'label': 'Accessing',
-                'template': 'hbac-details-host.html #contents'
-            });
-
-        } else {
-            section = ipa_rule_details_section({
-                'name': 'host',
-                'label': 'Accessing',
-                'text': 'Rule applies when access is requested to:',
-                'field_name': 'hostcategory',
-                'options': [
-                    { 'value': 'all', 'label': 'Any Host' },
-                    { 'value': '', 'label': 'Specified Hosts and Groups' }
-                ],
-                'tables': [
-                    { 'field_name': 'memberhost_host' },
-                    { 'field_name': 'memberhost_hostgroup' }
-                ]
-            });
-            that.add_section(section);
-        }
-
-        category = section.create_radio({ 'name': 'hostcategory', 'label': 'Host category' });
-        section.add_field(ipa_rule_association_table_widget({
-            'id': that.entity_name+'-memberhost_host',
-            'name': 'memberhost_host', 'label': 'Hosts', 'category': category,
-            'other_entity': 'host', 'add_method': 'add_host', 'remove_method': 'remove_host'
-        }));
-        section.add_field(ipa_rule_association_table_widget({
-            'id': that.entity_name+'-memberhost_hostgroup',
-            'name': 'memberhost_hostgroup', 'label': 'Host Groups', 'category': category,
-            'other_entity': 'hostgroup', 'add_method': 'add_host', 'remove_method': 'remove_host'
-        }));
-
-        if (IPA.layout) {
-            section = that.create_section({
-                'name': 'service',
-                'label': 'Via Service',
-                'template': 'hbac-details-service.html #contents'
-            });
-
-        } else {
-            section = ipa_rule_details_section({
-                'name': 'service',
-                'label': 'Via Service',
-                'text': 'Rule applies when access is requested via:',
-                'field_name': 'servicecategory',
-                'options': [
-                    { 'value': 'all', 'label': 'Any Service' },
-                    { 'value': '', 'label': 'Specified Services and Groups' }
-                ],
-                'tables': [
-                    { 'field_name': 'memberservice_hbacsvc' },
-                    { 'field_name': 'memberservice_hbacsvcgroup' }
-                ]
-            });
-            that.add_section(section);
-        }
-
-        category = section.create_radio({ 'name': 'servicecategory', 'label': 'Service category' });
-        section.add_field(ipa_rule_association_table_widget({
-            'id': that.entity_name+'-memberservice_hbacsvc',
-            'name': 'memberservice_hbacsvc', 'label': 'Services', 'category': category,
-            'other_entity': 'hbacsvc', 'add_method': 'add_service', 'remove_method': 'remove_service'
-        }));
-        section.add_field(ipa_rule_association_table_widget({
-            'id': that.entity_name+'-memberservice_hbacsvcgroup',
-            'name': 'memberservice_hbacsvcgroup', 'label': 'Service Groups', 'category': category,
-            'other_entity': 'hbacsvcgroup', 'add_method': 'add_service', 'remove_method': 'remove_service'
-        }));
-
-        if (IPA.layout) {
-            section = that.create_section({
-                'name': 'sourcehost',
-                'label': 'From',
-                'template': 'hbac-details-sourcehost.html #contents'
-            });
-
-        } else {
-            section = ipa_rule_details_section({
-                'name': 'sourcehost',
-                'label': 'From',
-                'text': 'Rule applies when access is being initiated from:',
-                'field_name': 'sourcehostcategory',
-                'options': [
-                    { 'value': 'all', 'label': 'Any Host' },
-                    { 'value': '', 'label': 'Specified Hosts and Groups' }
-                ],
-                'tables': [
-                    { 'field_name': 'sourcehost_host' },
-                    { 'field_name': 'sourcehost_hostgroup' }
-                ]
-            });
-            that.add_section(section);
-        }
-
-        category = section.create_radio({ 'name': 'sourcehostcategory', 'label': 'Source host category' });
-        section.add_field(ipa_rule_association_table_widget({
-            'id': that.entity_name+'-sourcehost_host',
-            'name': 'sourcehost_host', 'label': 'Host', 'category': category,
-            'other_entity': 'host', 'add_method': 'add_sourcehost', 'remove_method': 'remove_sourcehost'
-        }));
-        section.add_field(ipa_rule_association_table_widget({
-            'id': that.entity_name+'-sourcehost_hostgroup',
-            'name': 'sourcehost_hostgroup', 'label': 'Host Groups', 'category': category,
-            'other_entity': 'hostgroup', 'add_method': 'add_sourcehost', 'remove_method': 'remove_sourcehost'
-        }));
-/*
-        if (IPA.layout) {
-            section = that.create_section({
-                'name': 'accesstime',
-                'label': 'When',
-                'template': 'hbac-details-accesstime.html #contents'
-            });
-
-        } else {
-            section = that.create_section({
-                'name': 'accesstime',
-                'label': 'When'
-            });
-        }
-
-        section.add_field(ipa_hbac_accesstime_widget({
-            'id': 'accesstime',
-            'name': 'accesstime', 'label': 'Access Time',
-            'text': 'Rule applies when access is being requested at:',
-            'options': [
-                { 'value': 'all', 'label': 'Any Time' },
-                { 'value': '', 'label': 'Specified Times' }
-            ]
-        }));
-*/
-        that.details_facet_init();
-    };
-
-    that.update = function() {
-
-        var pkey = $.bbq.getState(that.entity_name + '-pkey', true) || '';
-
-        var modify_operation = {
-            'execute': false,
-            'command': ipa_command({
-                'method': that.entity_name+'_mod',
-                'args': [pkey],
-                'options': {'all': true, 'rights': true}
-            })
-        };
-
-        var remove_accesstime = {
-            'template': ipa_command({
-                'method': that.entity_name+'_remove_accesstime',
-                'args': [pkey],
-                'options': {'all': true, 'rights': true}
-            }),
-            'commands': []
-        };
-
-        var categories = {
-            'usercategory': {
-                'remove_values': false
-            },
-            'hostcategory': {
-                'remove_values': false
-            },
-            'servicecategory': {
-                'remove_values': false
-            },
-            'sourcehostcategory': {
-                'remove_values': false
-            }
-        };
-
-        var member_operations = {
-            'memberuser': {
-                'category': 'usercategory',
-                'has_values': false,
-                'command': ipa_command({
-                    'method': that.entity_name+'_remove_user',
-                    'args': [pkey],
-                    'options': {'all': true, 'rights': true}
-                })
-            },
-            'memberhost': {
-                'category': 'hostcategory',
-                'has_values': false,
-                'command': ipa_command({
-                    'method': that.entity_name+'_remove_host',
-                    'args': [pkey],
-                    'options': {'all': true, 'rights': true}
-                })
-            },
-            'memberservice': {
-                'category': 'servicecategory',
-                'has_values': false,
-                'command': ipa_command({
-                    'method': that.entity_name+'_remove_service',
-                    'args': [pkey],
-                    'options': {'all': true, 'rights': true}
-                })
-            },
-            'sourcehost': {
-                'category': 'sourcehostcategory',
-                'has_values': false,
-                'command': ipa_command({
-                    'method': that.entity_name+'_remove_sourcehost',
-                    'args': [pkey],
-                    'options': {'all': true, 'rights': true}
-                })
-            }
-        };
-
-        var enable_operation = {
-            'execute': false,
-            'command': ipa_command({
-                'method': that.entity_name+'_enable',
-                'args': [pkey],
-                'options': {'all': true, 'rights': true}
-            })
-        };
-
-        for (var i=0; i<that.sections.length; i++) {
-            var section = that.sections[i];
-
-            var div = $('#'+that.entity_name+'-'+that.name+'-'+section.name, that.container);
-
-            for (var j=0; j<section.fields.length; j++) {
-                var field = section.fields[j];
-
-                var span = $('span[name='+field.name+']', div).first();
-                var values = field.save();
-                if (!values) continue;
-
-                var param_info = ipa_get_param_info(that.entity_name, field.name);
-
-                // skip primary key
-                if (param_info && param_info['primary_key']) continue;
-
-                var p = field.name.indexOf('_');
-                if (p >= 0) {
-                    // prepare command to remove members if needed
-                    var attribute = field.name.substring(0, p);
-                    var other_entity = field.name.substring(p+1);
-
-                    if (values.length) {
-                        member_operations[attribute].command.set_option(other_entity, values.join(','));
-                        member_operations[attribute].has_values = true;
-                    }
-                    continue;
-                }
-
-                // skip unchanged field
-                if (!field.is_dirty(span)) continue;
-
-                // check enable/disable
-                if (field.name == 'ipaenabledflag') {
-                    if (values[0] == 'FALSE') enable_operation.command.method = that.entity_name+'_disable';
-                    enable_operation.execute = true;
-                    continue;
-                }
-
-                if (field.name == 'accesstime') {
-                    // if accesstime is dirty, it means 'Any Time' is selected,
-                    // so existing values have to be removed
-                    for (var k=0; k<field.values.length; k++) {
-                        var command = ipa_command(remove_accesstime.template);
-                        command.set_option(field.name, field.values[k]);
-                        remove_accesstime.commands.push(command);
-                    }
-                    continue;
-                }
-
-                if (categories[field.name]) {
-                    if (values[0] == 'all') {
-                        categories[field.name].remove_values = true;
-                    }
-                }
-
-                // use setattr/addattr if param_info not available
-                if (!param_info) {
-                    for (var k=0; k<values.length; k++) {
-                        modify_operation.command.set_option(
-                            k == 0 ? 'setattr' : 'addattr',
-                            field.name+'='+values[k]
-                        );
-                        modify_operation.execute = true;
-                    }
-                    continue;
-                }
-
-                // set modify options
-                if (values.length == 1) {
-                    modify_operation.command.set_option(field.name, values[0]);
-                } else {
-                    modify_operation.command.set_option(field.name, values);
-                }
-                modify_operation.execute = true;
-            }
-        }
-
-        var batch = ipa_batch_command({
-            'name': 'hbac_details_update',
-            'on_success': function(data, text_status, xhr) {
-                that.refresh();
-            },
-            'on_error': function(xhr, text_status, error_thrown) {
-                that.refresh();
-            }
-        });
-
-        for (var member_attribute in member_operations) {
-            var member_operation = member_operations[member_attribute];
-            if (member_operation.has_values &&
-                categories[member_operation.category].remove_values) {
-                batch.add_command(member_operations[member_attribute].command);
-            }
-        }
-
-        batch.add_commands(remove_accesstime.commands);
-
-        if (modify_operation.execute) batch.add_command(modify_operation.command);
-        if (enable_operation.execute) batch.add_command(enable_operation.command);
-
-        if (!batch.commands.length) {
-            that.refresh();
-            return;
-        }
-
-        //alert(JSON.stringify(batch.to_json()));
-
-        batch.execute();
-    };
-
-    that.reset = function() {
-        for (var i=0; i<that.sections.length; i++) {
-            var section = that.sections[i];
-            section.reset();
-        }
-    };
-
-    return that;
-}
-
-function ipa_hbac_details_general_section(spec){
-
-    spec = spec || {};
-
-    var that = ipa_details_section(spec);
-
-    that.create = function(container) {
-
-        var table = $('<table/>', {
-            'style': 'width: 100%;'
-        }).appendTo(container);
-
-        var tr = $('<tr/>').appendTo(table);
-
-        var td = $('<td/>', {
-            'style': 'width: 100px; text-align: right;',
-            'html': 'Name:'
-        }).appendTo(tr);
-
-        td = $('<td/>').appendTo(tr);
-
-        var span = $('<span/>', { 'name': 'cn' }).appendTo(td);
-
-        $('<input/>', {
-            'type': 'text',
-            'name': 'cn',
-            'size': 30
-        }).appendTo(span);
-
-        span.append(' ');
-
-        $('<span/>', {
-            'name': 'undo',
-            'class': 'ui-state-highlight ui-corner-all',
-            'style': 'display: none;',
-            'html': 'undo'
-        }).appendTo(span);
-
-        td = $('<td/>', {
-            'style': 'text-align: right;'
-        }).appendTo(tr);
-
-        td.append('Rule type:');
-
-        span = $('<span/>', { 'name': 'accessruletype' }).appendTo(td);
-
-        $('<input/>', {
-            'type': 'radio',
-            'name': 'accessruletype',
-            'value': 'allow'
-        }).appendTo(span);
-
-        span.append('Allow');
-
-        $('<input/>', {
-            'type': 'radio',
-            'name': 'accessruletype',
-            'value': 'deny'
-        }).appendTo(span);
-
-        span.append('Deny');
-
-        span.append(' ');
-
-        $('<span/>', {
-            'name': 'undo',
-            'class': 'ui-state-highlight ui-corner-all',
-            'style': 'display: none;',
-            'html': 'undo'
-        }).appendTo(span);
-
-        tr = $('<tr/>').appendTo(table);
-
-        td = $('<td/>', {
-            'style': 'text-align: right; vertical-align: top;',
-            'html': 'Description:'
-        }).appendTo(tr);
-
-        td = $('<td/>', {
-            'colspan': 2
-        }).appendTo(tr);
-
-        span = $('<span/>', { 'name': 'description' }).appendTo(td);
-
-        $('<textarea/>', {
-            'name': 'description',
-            'rows': 5,
-            'style': 'width: 100%'
-        }).appendTo(span);
-
-        span.append(' ');
-
-        $('<span/>', {
-            'name': 'undo',
-            'class': 'ui-state-highlight ui-corner-all',
-            'style': 'display: none;',
-            'html': 'undo'
-        }).appendTo(span);
-
-        tr = $('<tr/>').appendTo(table);
-
-        td = $('<td/>', {
-            'style': 'text-align: right; vertical-align: top;',
-            'html': 'Rule status:'
-        }).appendTo(tr);
-
-        td = $('<td/>', {
-            'colspan': 2
-        }).appendTo(tr);
-
-        span = $('<span/>', { 'name': 'ipaenabledflag' }).appendTo(td);
-
-        $('<input/>', {
-            'type': 'radio',
-            'name': 'ipaenabledflag',
-            'value': 'TRUE'
-        }).appendTo(span);
-
-        span.append('Active');
-
-        $('<input/>', {
-            'type': 'radio',
-            'name': 'ipaenabledflag',
-            'value': 'FALSE'
-        }).appendTo(span);
-
-        span.append('Inactive');
-
-        span.append(' ');
-
-        $('<span/>', {
-            'name': 'undo',
-            'class': 'ui-state-highlight ui-corner-all',
-            'style': 'display: none;',
-            'html': 'undo'
-        }).appendTo(span);
-    };
-
-    return that;
-}
-
-function ipa_hbac_accesstime_widget(spec) {
-
-    spec = spec || {};
-
-    var that = ipa_widget(spec);
-
-    that.text = spec.text;
-    that.options = spec.options || [];
-
-    that.init = function() {
-
-        that.widget_init();
-
-        that.table = ipa_table_widget({
-            'id': 'accesstime-table',
-            'name': 'table', 'label': that.label
-        });
-
-        that.table.create_column({
-            'name': that.name,
-            'label': that.label,
-            'primary_key': true
-        });
-
-        that.table.init();
-    };
-
-    that.create = function(container) {
-
-        that.widget_create(container);
-
-        var span = $('<span/>', { 'name': 'text' }).appendTo(container);
-
-        span.append(that.text);
-
-        for (var i=0; i<that.options.length; i++) {
-            var option = that.options[i];
-
-            $('<input/>', {
-                'type': 'radio',
-                'name': that.name,
-                'value': option.value
-            }).appendTo(container);
-
-            container.append(option.label);
-        }
-
-        container.append(' ');
-
-        $('<span/>', {
-            'name': 'undo',
-            'class': 'ui-state-highlight ui-corner-all',
-            'style': 'display: none;',
-            'html': 'undo'
-        }).appendTo(container);
-
-        container.append('<br/>');
-
-        span = $('<span/>', { 'name': 'table' }).appendTo(container);
-
-        that.table.create(span);
-
-        var buttons = $('span[name=buttons]', span);
-
-        $('<input/>', {
-            'type': 'button',
-            'name': 'remove',
-            'value': 'Remove '+that.label
-        }).appendTo(buttons);
-
-        $('<input/>', {
-            'type': 'button',
-            'name': 'add',
-            'value': 'Add '+that.label
-        }).appendTo(buttons);
-    };
-
-    that.setup = function(container) {
-
-        that.widget_setup(container);
-
-        var span = $('span[name="table"]', that.container);
-        that.table.setup(span);
-
-        var button = $('input[name=remove]', span);
-        button.replaceWith(ipa_button({
-            'label': button.val(),
-            'icon': 'ui-icon-trash',
-            'click': function() { that.remove(that.container); }
-        }));
-
-        button = $('input[name=add]', span);
-        button.replaceWith(ipa_button({
-            'label': button.val(),
-            'icon': 'ui-icon-plus',
-            'click': function() { that.add(that.container) }
-        }));
-
-        var input = $('input[name="'+that.name+'"]', that.container);
-        input.change(function() {
-            that.show_undo();
-        });
-
-        var undo = that.get_undo();
-        undo.click(function() {
-            that.reset();
-        });
-    };
-
-    that.save = function() {
-        var value = $('input[name="'+that.name+'"]:checked', that.container).val();
-        if (value == '') {
-            return that.table.save();
-        } else {
-            return [];
-        }
-    };
-
-    that.load = function(record) {
-
-        that.values = record[that.name] || [];
-        that.reset();
-    };
-
-    that.update = function() {
-
-        that.set_category(that.container, that.values && that.values.length ? '' : 'all');
-
-        that.table.tbody.empty();
-        for (var i=0; that.values && i<that.values.length; i++) {
-            var record = {};
-            record[that.name] = that.values[i];
-            that.table.add_record(record);
-        }
-    };
-
-    that.set_category = function(container, value) {
-        $('input[name="'+that.name+'"][value="'+value+'"]', that.container).get(0).checked = true;
-    };
-
-    that.add = function() {
-
-        var pkey = $.bbq.getState(that.entity_name + '-pkey', true) || '';
-        var title = 'Add '+that.label+' to '+that.entity_name+' '+pkey;
-
-        var dialog = ipa_dialog({
-            'title': title
-        });
-
-        dialog.add_field(ipa_text_widget({
-            'name': that.name,
-            'label': that.label
-        }));
-
-        dialog.create = function() {
-            var table = $('<table/>').appendTo(dialog.container);
-
-            var tr = $('<tr/>').appendTo(table);
-
-            var td = $('<td/>', {
-                'style': 'vertical-align: top;'
-            }).appendTo(tr);
-            td.append(that.label+': ');
-
-            td = $('<td/>').appendTo(tr);
-
-            var span = $('<span/>', { 'name': that.name }).appendTo(td);
-
-            $('<input/>', {
-                'type': 'text',
-                'name': that.name,
-                'size': 40
-            }).appendTo(span);
-
-            tr = $('<tr/>').appendTo(table);
-
-            td = $('<td/>', {
-                'style': 'vertical-align: top;'
-            }).appendTo(tr);
-            td.append('Example:');
-
-            td = $('<td/>').appendTo(tr);
-
-            td.append('<b>Every day between 0800 and 1400:</b><br/>');
-            td.append('periodic daily 0800-1400<br/><br/>');
-
-            td.append('<b>December 16, 2010 from 10:32 until 10:33:</b><br/>');
-            td.append('absolute 201012161032 ~ 201012161033<td/>');
-        };
-
-        function add(on_success, on_error) {
-
-            var field = dialog.get_field(that.name);
-            var value = field.save()[0];
-
-            var command = ipa_command({
-                'method': that.entity_name+'_add_'+that.name,
-                'args': [pkey],
-                'on_success': function() {
-                    that.refresh();
-                    if (on_success) on_success();
-                },
-                'on_error': function() {
-                    that.refresh();
-                    if (on_error) on_error();
-                }
-            });
-
-            command.set_option(that.name, value);
-
-            command.execute();
-        }
-
-        dialog.add_button('Add', function() {
-            add(
-                function() { dialog.reset(); }
-            );
-        });
-
-        dialog.add_button('Add and Close', function() {
-            add(
-                function() { dialog.close(); },
-                function() { dialog.close(); }
-            );
-        });
-
-        dialog.add_button('Cancel', function() {
-            dialog.close();
-        });
-
-        dialog.init();
-
-        dialog.open(that.container);
-    };
-
-    that.remove = function() {
-
-        var values = that.table.get_selected_values();
-
-        if (!values.length) {
-            alert('Select '+that.label+' to be removed.');
-            return;
-        }
-
-        var pkey = $.bbq.getState(that.entity_name + '-pkey', true) || '';
-        var title = 'Remove '+that.label+' from '+that.entity_name+' '+pkey;
-
-        var dialog = ipa_deleter_dialog({
-            'title': title,
-            'values': values
-        });
-
-        dialog.remove = function() {
-
-            var batch = ipa_batch_command({
-                'on_success': function() {
-                    that.refresh();
-                    dialog.close();
-                },
-                'on_error': function() {
-                    that.refresh();
-                    dialog.close();
-                }
-            });
-
-            for (var i=0; i<values.length; i++) {
-                var command = ipa_command({
-                    'method': that.entity_name+'_remove_'+that.name,
-                    'args': [pkey]
-                });
-
-                command.set_option(that.name, values[i]);
-
-                batch.add_command(command);
-            }
-
-            batch.execute();
-        };
-
-        dialog.init();
-
-        dialog.open(that.container);
-    };
-
-    that.refresh = function() {
-
-        function on_success(data, text_status, xhr) {
-            that.load(data.result.result);
-        }
-
-        function on_error(xhr, text_status, error_thrown) {
-            var summary = $('span[name=summary]', that.table.tfoot).empty();
-            summary.append('<p>Error: '+error_thrown.name+'</p>');
-            summary.append('<p>'+error_thrown.title+'</p>');
-            summary.append('<p>'+error_thrown.message+'</p>');
-        }
-
-        var pkey = $.bbq.getState(that.entity_name + '-pkey', true) || '';
-        ipa_cmd('show', [pkey], {'rights': true}, on_success, on_error, that.entity_name);
-    };
-
-    return that;
-}
diff --git a/install/static/hbacrule.js b/install/static/hbacrule.js
new file mode 100755
index 00000000..0e6d82cc
--- /dev/null
+++ b/install/static/hbacrule.js
@@ -0,0 +1,984 @@
+/*  Authors:
+ *    Endi Sukma Dewata <edewata@redhat.com>
+ *
+ * Copyright (C) 2010 Red Hat
+ * see file 'COPYING' for use and warranty information
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+/* REQUIRES: ipa.js, details.js, search.js, add.js, entity.js */
+
+function ipa_hbacrule() {
+
+    var that = ipa_entity({
+        'name': 'hbacrule'
+    });
+
+    that.init = function() {
+
+        var dialog = ipa_hbacrule_add_dialog({
+            'name': 'add',
+            'title': 'Add New Rule'
+        });
+        that.add_dialog(dialog);
+        dialog.init();
+
+        var facet = ipa_hbacrule_search_facet({
+            'name': 'search',
+            'label': 'Search'
+        });
+        that.add_facet(facet);
+
+        facet = ipa_hbacrule_details_facet({
+            'name': 'details',
+            'label': 'Details'
+        });
+        that.add_facet(facet);
+
+        that.entity_init();
+    };
+
+    return that;
+}
+
+IPA.add_entity(ipa_hbacrule());
+
+function ipa_hbacrule_add_dialog(spec) {
+
+    spec = spec || {};
+
+    var that = ipa_add_dialog(spec);
+
+    that.init = function() {
+
+        that.add_field(ipa_text_widget({
+            'name': 'cn',
+            'undo': false
+        }));
+
+        that.add_field(ipa_radio_widget({
+            'name': 'accessruletype',
+            'options': [
+                { 'value': 'allow', 'label': 'Allow' },
+                { 'value': 'deny', 'label': 'Deny' }
+            ],
+            'undo': false
+        }));
+
+        that.add_dialog_init();
+    };
+
+    return that;
+}
+
+function ipa_hbacrule_search_facet(spec) {
+
+    spec = spec || {};
+
+    var that = ipa_search_facet(spec);
+
+    that.init = function() {
+
+        that.create_column({name:'cn'});
+        that.create_column({name:'usercategory'});
+        that.create_column({name:'hostcategory'});
+        that.create_column({name:'ipaenabledflag'});
+        that.create_column({name:'servicecategory'});
+        that.create_column({name:'sourcehostcategory'});
+
+        that.search_facet_init();
+    };
+
+    that.create = function(container) {
+
+/*
+        // Not yet implemented
+
+        var left_buttons = $('<span/>', {
+            'style': 'float: left;'
+        }).appendTo(container);
+
+        left_buttons.append(ipa_button({
+            'label': 'Troubleshoot Rules'
+        }));
+
+        left_buttons.append(ipa_button({
+            'label': 'Cull Disabled Rules'
+        }));
+*/
+
+        that.search_facet_create(container);
+
+    };
+
+    return that;
+}
+
+function ipa_hbacrule_details_facet(spec) {
+
+    spec = spec || {};
+
+    var that = ipa_details_facet(spec);
+
+    that.init = function() {
+
+        var section;
+
+        if (IPA.layout) {
+            section = that.create_section({
+                'name': 'general',
+                'label': 'General',
+                'template': 'hbacrule-details-general.html #contents'
+            });
+
+        } else {
+            section = ipa_hbacrule_details_general_section({
+                'name': 'general',
+                'label': 'General'
+            });
+            that.add_section(section);
+        }
+
+        section.create_text({ 'name': 'cn', 'label': 'Name', 'read_only': true });
+        section.create_radio({ 'name': 'accessruletype', 'label': 'Rule Type' });
+        section.create_textarea({ 'name': 'description', 'label': 'Description' });
+        section.create_radio({ 'name': 'ipaenabledflag', 'label': 'Enabled' });
+
+        if (IPA.layout) {
+            section = that.create_section({
+                'name': 'user',
+                'label': 'Who',
+                'template': 'hbacrule-details-user.html #contents'
+            });
+
+        } else {
+            section = ipa_rule_details_section({
+                'name': 'user',
+                'label': 'Who',
+                'text': 'Rule applies when access is requested by:',
+                'field_name': 'usercategory',
+                'options': [
+                    { 'value': 'all', 'label': 'Anyone' },
+                    { 'value': '', 'label': 'Specified Users and Groups' }
+                ],
+                'tables': [
+                    { 'field_name': 'memberuser_user' },
+                    { 'field_name': 'memberuser_group' }
+                ]
+            });
+            that.add_section(section);
+        }
+
+        var category = section.create_radio({ name: 'usercategory', label: 'User category' });
+        section.add_field(ipa_rule_association_table_widget({
+            'id': that.entity_name+'-memberuser_user',
+            'name': 'memberuser_user', 'label': 'Users', 'category': category,
+            'other_entity': 'user', 'add_method': 'add_user', 'remove_method': 'remove_user'
+        }));
+        section.add_field(ipa_rule_association_table_widget({
+            'id': that.entity_name+'-memberuser_group',
+            'name': 'memberuser_group', 'label': 'Groups', 'category': category,
+            'other_entity': 'group', 'add_method': 'add_user', 'remove_method': 'remove_user'
+        }));
+
+        if (IPA.layout) {
+            section = that.create_section({
+                'name': 'host',
+                'label': 'Accessing',
+                'template': 'hbacrule-details-host.html #contents'
+            });
+
+        } else {
+            section = ipa_rule_details_section({
+                'name': 'host',
+                'label': 'Accessing',
+                'text': 'Rule applies when access is requested to:',
+                'field_name': 'hostcategory',
+                'options': [
+                    { 'value': 'all', 'label': 'Any Host' },
+                    { 'value': '', 'label': 'Specified Hosts and Groups' }
+                ],
+                'tables': [
+                    { 'field_name': 'memberhost_host' },
+                    { 'field_name': 'memberhost_hostgroup' }
+                ]
+            });
+            that.add_section(section);
+        }
+
+        category = section.create_radio({ 'name': 'hostcategory', 'label': 'Host category' });
+        section.add_field(ipa_rule_association_table_widget({
+            'id': that.entity_name+'-memberhost_host',
+            'name': 'memberhost_host', 'label': 'Hosts', 'category': category,
+            'other_entity': 'host', 'add_method': 'add_host', 'remove_method': 'remove_host'
+        }));
+        section.add_field(ipa_rule_association_table_widget({
+            'id': that.entity_name+'-memberhost_hostgroup',
+            'name': 'memberhost_hostgroup', 'label': 'Host Groups', 'category': category,
+            'other_entity': 'hostgroup', 'add_method': 'add_host', 'remove_method': 'remove_host'
+        }));
+
+        if (IPA.layout) {
+            section = that.create_section({
+                'name': 'service',
+                'label': 'Via Service',
+                'template': 'hbacrule-details-service.html #contents'
+            });
+
+        } else {
+            section = ipa_rule_details_section({
+                'name': 'service',
+                'label': 'Via Service',
+                'text': 'Rule applies when access is requested via:',
+                'field_name': 'servicecategory',
+                'options': [
+                    { 'value': 'all', 'label': 'Any Service' },
+                    { 'value': '', 'label': 'Specified Services and Groups' }
+                ],
+                'tables': [
+                    { 'field_name': 'memberservice_hbacsvc' },
+                    { 'field_name': 'memberservice_hbacsvcgroup' }
+                ]
+            });
+            that.add_section(section);
+        }
+
+        category = section.create_radio({ 'name': 'servicecategory', 'label': 'Service category' });
+        section.add_field(ipa_rule_association_table_widget({
+            'id': that.entity_name+'-memberservice_hbacsvc',
+            'name': 'memberservice_hbacsvc', 'label': 'Services', 'category': category,
+            'other_entity': 'hbacsvc', 'add_method': 'add_service', 'remove_method': 'remove_service'
+        }));
+        section.add_field(ipa_rule_association_table_widget({
+            'id': that.entity_name+'-memberservice_hbacsvcgroup',
+            'name': 'memberservice_hbacsvcgroup', 'label': 'Service Groups', 'category': category,
+            'other_entity': 'hbacsvcgroup', 'add_method': 'add_service', 'remove_method': 'remove_service'
+        }));
+
+        if (IPA.layout) {
+            section = that.create_section({
+                'name': 'sourcehost',
+                'label': 'From',
+                'template': 'hbacrule-details-sourcehost.html #contents'
+            });
+
+        } else {
+            section = ipa_rule_details_section({
+                'name': 'sourcehost',
+                'label': 'From',
+                'text': 'Rule applies when access is being initiated from:',
+                'field_name': 'sourcehostcategory',
+                'options': [
+                    { 'value': 'all', 'label': 'Any Host' },
+                    { 'value': '', 'label': 'Specified Hosts and Groups' }
+                ],
+                'tables': [
+                    { 'field_name': 'sourcehost_host' },
+                    { 'field_name': 'sourcehost_hostgroup' }
+                ]
+            });
+            that.add_section(section);
+        }
+
+        category = section.create_radio({ 'name': 'sourcehostcategory', 'label': 'Source host category' });
+        section.add_field(ipa_rule_association_table_widget({
+            'id': that.entity_name+'-sourcehost_host',
+            'name': 'sourcehost_host', 'label': 'Host', 'category': category,
+            'other_entity': 'host', 'add_method': 'add_sourcehost', 'remove_method': 'remove_sourcehost'
+        }));
+        section.add_field(ipa_rule_association_table_widget({
+            'id': that.entity_name+'-sourcehost_hostgroup',
+            'name': 'sourcehost_hostgroup', 'label': 'Host Groups', 'category': category,
+            'other_entity': 'hostgroup', 'add_method': 'add_sourcehost', 'remove_method': 'remove_sourcehost'
+        }));
+/*
+        if (IPA.layout) {
+            section = that.create_section({
+                'name': 'accesstime',
+                'label': 'When',
+                'template': 'hbacrule-details-accesstime.html #contents'
+            });
+
+        } else {
+            section = that.create_section({
+                'name': 'accesstime',
+                'label': 'When'
+            });
+        }
+
+        section.add_field(ipa_hbacrule_accesstime_widget({
+            'id': 'accesstime',
+            'name': 'accesstime', 'label': 'Access Time',
+            'text': 'Rule applies when access is being requested at:',
+            'options': [
+                { 'value': 'all', 'label': 'Any Time' },
+                { 'value': '', 'label': 'Specified Times' }
+            ]
+        }));
+*/
+        that.details_facet_init();
+    };
+
+    that.update = function() {
+
+        var pkey = $.bbq.getState(that.entity_name + '-pkey', true) || '';
+
+        var modify_operation = {
+            'execute': false,
+            'command': ipa_command({
+                'method': that.entity_name+'_mod',
+                'args': [pkey],
+                'options': {'all': true, 'rights': true}
+            })
+        };
+
+        var remove_accesstime = {
+            'template': ipa_command({
+                'method': that.entity_name+'_remove_accesstime',
+                'args': [pkey],
+                'options': {'all': true, 'rights': true}
+            }),
+            'commands': []
+        };
+
+        var categories = {
+            'usercategory': {
+                'remove_values': false
+            },
+            'hostcategory': {
+                'remove_values': false
+            },
+            'servicecategory': {
+                'remove_values': false
+            },
+            'sourcehostcategory': {
+                'remove_values': false
+            }
+        };
+
+        var member_operations = {
+            'memberuser': {
+                'category': 'usercategory',
+                'has_values': false,
+                'command': ipa_command({
+                    'method': that.entity_name+'_remove_user',
+                    'args': [pkey],
+                    'options': {'all': true, 'rights': true}
+                })
+            },
+            'memberhost': {
+                'category': 'hostcategory',
+                'has_values': false,
+                'command': ipa_command({
+                    'method': that.entity_name+'_remove_host',
+                    'args': [pkey],
+                    'options': {'all': true, 'rights': true}
+                })
+            },
+            'memberservice': {
+                'category': 'servicecategory',
+                'has_values': false,
+                'command': ipa_command({
+                    'method': that.entity_name+'_remove_service',
+                    'args': [pkey],
+                    'options': {'all': true, 'rights': true}
+                })
+            },
+            'sourcehost': {
+                'category': 'sourcehostcategory',
+                'has_values': false,
+                'command': ipa_command({
+                    'method': that.entity_name+'_remove_sourcehost',
+                    'args': [pkey],
+                    'options': {'all': true, 'rights': true}
+                })
+            }
+        };
+
+        var enable_operation = {
+            'execute': false,
+            'command': ipa_command({
+                'method': that.entity_name+'_enable',
+                'args': [pkey],
+                'options': {'all': true, 'rights': true}
+            })
+        };
+
+        for (var i=0; i<that.sections.length; i++) {
+            var section = that.sections[i];
+
+            var div = $('#'+that.entity_name+'-'+that.name+'-'+section.name, that.container);
+
+            for (var j=0; j<section.fields.length; j++) {
+                var field = section.fields[j];
+
+                var span = $('span[name='+field.name+']', div).first();
+                var values = field.save();
+                if (!values) continue;
+
+                var param_info = ipa_get_param_info(that.entity_name, field.name);
+
+                // skip primary key
+                if (param_info && param_info['primary_key']) continue;
+
+                var p = field.name.indexOf('_');
+                if (p >= 0) {
+                    // prepare command to remove members if needed
+                    var attribute = field.name.substring(0, p);
+                    var other_entity = field.name.substring(p+1);
+
+                    if (values.length) {
+                        member_operations[attribute].command.set_option(other_entity, values.join(','));
+                        member_operations[attribute].has_values = true;
+                    }
+                    continue;
+                }
+
+                // skip unchanged field
+                if (!field.is_dirty(span)) continue;
+
+                // check enable/disable
+                if (field.name == 'ipaenabledflag') {
+                    if (values[0] == 'FALSE') enable_operation.command.method = that.entity_name+'_disable';
+                    enable_operation.execute = true;
+                    continue;
+                }
+
+                if (field.name == 'accesstime') {
+                    // if accesstime is dirty, it means 'Any Time' is selected,
+                    // so existing values have to be removed
+                    for (var k=0; k<field.values.length; k++) {
+                        var command = ipa_command(remove_accesstime.template);
+                        command.set_option(field.name, field.values[k]);
+                        remove_accesstime.commands.push(command);
+                    }
+                    continue;
+                }
+
+                if (categories[field.name]) {
+                    if (values[0] == 'all') {
+                        categories[field.name].remove_values = true;
+                    }
+                }
+
+                // use setattr/addattr if param_info not available
+                if (!param_info) {
+                    for (var k=0; k<values.length; k++) {
+                        modify_operation.command.set_option(
+                            k == 0 ? 'setattr' : 'addattr',
+                            field.name+'='+values[k]
+                        );
+                        modify_operation.execute = true;
+                    }
+                    continue;
+                }
+
+                // set modify options
+                if (values.length == 1) {
+                    modify_operation.command.set_option(field.name, values[0]);
+                } else {
+                    modify_operation.command.set_option(field.name, values);
+                }
+                modify_operation.execute = true;
+            }
+        }
+
+        var batch = ipa_batch_command({
+            'name': 'hbac_details_update',
+            'on_success': function(data, text_status, xhr) {
+                that.refresh();
+            },
+            'on_error': function(xhr, text_status, error_thrown) {
+                that.refresh();
+            }
+        });
+
+        for (var member_attribute in member_operations) {
+            var member_operation = member_operations[member_attribute];
+            if (member_operation.has_values &&
+                categories[member_operation.category].remove_values) {
+                batch.add_command(member_operations[member_attribute].command);
+            }
+        }
+
+        batch.add_commands(remove_accesstime.commands);
+
+        if (modify_operation.execute) batch.add_command(modify_operation.command);
+        if (enable_operation.execute) batch.add_command(enable_operation.command);
+
+        if (!batch.commands.length) {
+            that.refresh();
+            return;
+        }
+
+        alert(JSON.stringify(batch.to_json()));
+
+        batch.execute();
+    };
+
+    that.reset = function() {
+        for (var i=0; i<that.sections.length; i++) {
+            var section = that.sections[i];
+            section.reset();
+        }
+    };
+
+    return that;
+}
+
+function ipa_hbacrule_details_general_section(spec){
+
+    spec = spec || {};
+
+    var that = ipa_details_section(spec);
+
+    that.create = function(container) {
+
+        var table = $('<table/>', {
+            'style': 'width: 100%;'
+        }).appendTo(container);
+
+        var tr = $('<tr/>').appendTo(table);
+
+        var td = $('<td/>', {
+            'style': 'width: 100px; text-align: right;',
+            'html': 'Name:'
+        }).appendTo(tr);
+
+        td = $('<td/>').appendTo(tr);
+
+        var span = $('<span/>', { 'name': 'cn' }).appendTo(td);
+
+        $('<input/>', {
+            'type': 'text',
+            'name': 'cn',
+            'size': 30
+        }).appendTo(span);
+
+        span.append(' ');
+
+        $('<span/>', {
+            'name': 'undo',
+            'class': 'ui-state-highlight ui-corner-all',
+            'style': 'display: none;',
+            'html': 'undo'
+        }).appendTo(span);
+
+        td = $('<td/>', {
+            'style': 'text-align: right;'
+        }).appendTo(tr);
+
+        td.append('Rule type:');
+
+        span = $('<span/>', { 'name': 'accessruletype' }).appendTo(td);
+
+        $('<input/>', {
+            'type': 'radio',
+            'name': 'accessruletype',
+            'value': 'allow'
+        }).appendTo(span);
+
+        span.append('Allow');
+
+        $('<input/>', {
+            'type': 'radio',
+            'name': 'accessruletype',
+            'value': 'deny'
+        }).appendTo(span);
+
+        span.append('Deny');
+
+        span.append(' ');
+
+        $('<span/>', {
+            'name': 'undo',
+            'class': 'ui-state-highlight ui-corner-all',
+            'style': 'display: none;',
+            'html': 'undo'
+        }).appendTo(span);
+
+        tr = $('<tr/>').appendTo(table);
+
+        td = $('<td/>', {
+            'style': 'text-align: right; vertical-align: top;',
+            'html': 'Description:'
+        }).appendTo(tr);
+
+        td = $('<td/>', {
+            'colspan': 2
+        }).appendTo(tr);
+
+        span = $('<span/>', { 'name': 'description' }).appendTo(td);
+
+        $('<textarea/>', {
+            'name': 'description',
+            'rows': 5,
+            'style': 'width: 100%'
+        }).appendTo(span);
+
+        span.append(' ');
+
+        $('<span/>', {
+            'name': 'undo',
+            'class': 'ui-state-highlight ui-corner-all',
+            'style': 'display: none;',
+            'html': 'undo'
+        }).appendTo(span);
+
+        tr = $('<tr/>').appendTo(table);
+
+        td = $('<td/>', {
+            'style': 'text-align: right; vertical-align: top;',
+            'html': 'Rule status:'
+        }).appendTo(tr);
+
+        td = $('<td/>', {
+            'colspan': 2
+        }).appendTo(tr);
+
+        span = $('<span/>', { 'name': 'ipaenabledflag' }).appendTo(td);
+
+        $('<input/>', {
+            'type': 'radio',
+            'name': 'ipaenabledflag',
+            'value': 'TRUE'
+        }).appendTo(span);
+
+        span.append('Active');
+
+        $('<input/>', {
+            'type': 'radio',
+            'name': 'ipaenabledflag',
+            'value': 'FALSE'
+        }).appendTo(span);
+
+        span.append('Inactive');
+
+        span.append(' ');
+
+        $('<span/>', {
+            'name': 'undo',
+            'class': 'ui-state-highlight ui-corner-all',
+            'style': 'display: none;',
+            'html': 'undo'
+        }).appendTo(span);
+    };
+
+    return that;
+}
+
+function ipa_hbacrule_accesstime_widget(spec) {
+
+    spec = spec || {};
+
+    var that = ipa_widget(spec);
+
+    that.text = spec.text;
+    that.options = spec.options || [];
+
+    that.init = function() {
+
+        that.widget_init();
+
+        that.table = ipa_table_widget({
+            'id': 'accesstime-table',
+            'name': 'table', 'label': that.label
+        });
+
+        that.table.create_column({
+            'name': that.name,
+            'label': that.label,
+            'primary_key': true
+        });
+
+        that.table.init();
+    };
+
+    that.create = function(container) {
+
+        that.widget_create(container);
+
+        var span = $('<span/>', { 'name': 'text' }).appendTo(container);
+
+        span.append(that.text);
+
+        for (var i=0; i<that.options.length; i++) {
+            var option = that.options[i];
+
+            $('<input/>', {
+                'type': 'radio',
+                'name': that.name,
+                'value': option.value
+            }).appendTo(container);
+
+            container.append(option.label);
+        }
+
+        container.append(' ');
+
+        $('<span/>', {
+            'name': 'undo',
+            'class': 'ui-state-highlight ui-corner-all',
+            'style': 'display: none;',
+            'html': 'undo'
+        }).appendTo(container);
+
+        container.append('<br/>');
+
+        span = $('<span/>', { 'name': 'table' }).appendTo(container);
+
+        that.table.create(span);
+
+        var buttons = $('span[name=buttons]', span);
+
+        $('<input/>', {
+            'type': 'button',
+            'name': 'remove',
+            'value': 'Remove '+that.label
+        }).appendTo(buttons);
+
+        $('<input/>', {
+            'type': 'button',
+            'name': 'add',
+            'value': 'Add '+that.label
+        }).appendTo(buttons);
+    };
+
+    that.setup = function(container) {
+
+        that.widget_setup(container);
+
+        var span = $('span[name="table"]', that.container);
+        that.table.setup(span);
+
+        var button = $('input[name=remove]', span);
+        button.replaceWith(ipa_button({
+            'label': button.val(),
+            'icon': 'ui-icon-trash',
+            'click': function() { that.remove(that.container); }
+        }));
+
+        button = $('input[name=add]', span);
+        button.replaceWith(ipa_button({
+            'label': button.val(),
+            'icon': 'ui-icon-plus',
+            'click': function() { that.add(that.container) }
+        }));
+
+        var input = $('input[name="'+that.name+'"]', that.container);
+        input.change(function() {
+            that.show_undo();
+        });
+
+        var undo = that.get_undo();
+        undo.click(function() {
+            that.reset();
+        });
+    };
+
+    that.save = function() {
+        var value = $('input[name="'+that.name+'"]:checked', that.container).val();
+        if (value == '') {
+            return that.table.save();
+        } else {
+            return [];
+        }
+    };
+
+    that.load = function(record) {
+
+        that.values = record[that.name] || [];
+        that.reset();
+    };
+
+    that.update = function() {
+
+        that.set_category(that.container, that.values && that.values.length ? '' : 'all');
+
+        that.table.tbody.empty();
+        for (var i=0; that.values && i<that.values.length; i++) {
+            var record = {};
+            record[that.name] = that.values[i];
+            that.table.add_record(record);
+        }
+    };
+
+    that.set_category = function(container, value) {
+        $('input[name="'+that.name+'"][value="'+value+'"]', that.container).get(0).checked = true;
+    };
+
+    that.add = function() {
+
+        var pkey = $.bbq.getState(that.entity_name + '-pkey', true) || '';
+        var title = 'Add '+that.label+' to '+that.entity_name+' '+pkey;
+
+        var dialog = ipa_dialog({
+            'title': title
+        });
+
+        dialog.add_field(ipa_text_widget({
+            'name': that.name,
+            'label': that.label
+        }));
+
+        dialog.create = function() {
+            var table = $('<table/>').appendTo(dialog.container);
+
+            var tr = $('<tr/>').appendTo(table);
+
+            var td = $('<td/>', {
+                'style': 'vertical-align: top;'
+            }).appendTo(tr);
+            td.append(that.label+': ');
+
+            td = $('<td/>').appendTo(tr);
+
+            var span = $('<span/>', { 'name': that.name }).appendTo(td);
+
+            $('<input/>', {
+                'type': 'text',
+                'name': that.name,
+                'size': 40
+            }).appendTo(span);
+
+            tr = $('<tr/>').appendTo(table);
+
+            td = $('<td/>', {
+                'style': 'vertical-align: top;'
+            }).appendTo(tr);
+            td.append('Example:');
+
+            td = $('<td/>').appendTo(tr);
+
+            td.append('<b>Every day between 0800 and 1400:</b><br/>');
+            td.append('periodic daily 0800-1400<br/><br/>');
+
+            td.append('<b>December 16, 2010 from 10:32 until 10:33:</b><br/>');
+            td.append('absolute 201012161032 ~ 201012161033<td/>');
+        };
+
+        function add(on_success, on_error) {
+
+            var field = dialog.get_field(that.name);
+            var value = field.save()[0];
+
+            var command = ipa_command({
+                'method': that.entity_name+'_add_'+that.name,
+                'args': [pkey],
+                'on_success': function() {
+                    that.refresh();
+                    if (on_success) on_success();
+                },
+                'on_error': function() {
+                    that.refresh();
+                    if (on_error) on_error();
+                }
+            });
+
+            command.set_option(that.name, value);
+
+            command.execute();
+        }
+
+        dialog.add_button('Add', function() {
+            add(
+                function() { dialog.reset(); }
+            );
+        });
+
+        dialog.add_button('Add and Close', function() {
+            add(
+                function() { dialog.close(); },
+                function() { dialog.close(); }
+            );
+        });
+
+        dialog.add_button('Cancel', function() {
+            dialog.close();
+        });
+
+        dialog.init();
+
+        dialog.open(that.container);
+    };
+
+    that.remove = function() {
+
+        var values = that.table.get_selected_values();
+
+        if (!values.length) {
+            alert('Select '+that.label+' to be removed.');
+            return;
+        }
+
+        var pkey = $.bbq.getState(that.entity_name + '-pkey', true) || '';
+        var title = 'Remove '+that.label+' from '+that.entity_name+' '+pkey;
+
+        var dialog = ipa_deleter_dialog({
+            'title': title,
+            'values': values
+        });
+
+        dialog.remove = function() {
+
+            var batch = ipa_batch_command({
+                'on_success': function() {
+                    that.refresh();
+                    dialog.close();
+                },
+                'on_error': function() {
+                    that.refresh();
+                    dialog.close();
+                }
+            });
+
+            for (var i=0; i<values.length; i++) {
+                var command = ipa_command({
+                    'method': that.entity_name+'_remove_'+that.name,
+                    'args': [pkey]
+                });
+
+                command.set_option(that.name, values[i]);
+
+                batch.add_command(command);
+            }
+
+            batch.execute();
+        };
+
+        dialog.init();
+
+        dialog.open(that.container);
+    };
+
+    that.refresh = function() {
+
+        function on_success(data, text_status, xhr) {
+            that.load(data.result.result);
+        }
+
+        function on_error(xhr, text_status, error_thrown) {
+            var summary = $('span[name=summary]', that.table.tfoot).empty();
+            summary.append('<p>Error: '+error_thrown.name+'</p>');
+            summary.append('<p>'+error_thrown.title+'</p>');
+            summary.append('<p>'+error_thrown.message+'</p>');
+        }
+
+        var pkey = $.bbq.getState(that.entity_name + '-pkey', true) || '';
+        ipa_cmd('show', [pkey], {'rights': true}, on_success, on_error, that.entity_name);
+    };
+
+    return that;
+}
diff --git a/install/static/index.html b/install/static/index.html
index 9a62470f..d63bfc10 100644
--- a/install/static/index.html
+++ b/install/static/index.html
@@ -23,7 +23,7 @@
     <script type="text/javascript" src="certificate.js"></script>
     <script type="text/javascript" src="user.js"></script>
     <script type="text/javascript" src="group.js"></script>
-    <script type="text/javascript" src="hbac.js"></script>
+    <script type="text/javascript" src="hbacrule.js"></script>
     <script type="text/javascript" src="hbacsvc.js"></script>
     <script type="text/javascript" src="hbacsvcgroup.js"></script>
     <script type="text/javascript" src="host.js"></script>
diff --git a/install/static/layouts/default/Makefile.am b/install/static/layouts/default/Makefile.am
index ca57a653..b02c1c50 100644
--- a/install/static/layouts/default/Makefile.am
+++ b/install/static/layouts/default/Makefile.am
@@ -7,12 +7,12 @@ SUBDIRS =  				\
 
 appdir = $(IPA_DATA_DIR)/static/layouts/default
 app_DATA =                              \
-	hbac-details-accesstime.html	\
-	hbac-details-general.html	\
-	hbac-details-host.html		\
-	hbac-details-service.html	\
-	hbac-details-sourcehost.html	\
-	hbac-details-user.html		\
+	hbacrule-details-accesstime.html	\
+	hbacrule-details-general.html	\
+	hbacrule-details-host.html		\
+	hbacrule-details-service.html	\
+	hbacrule-details-sourcehost.html	\
+	hbacrule-details-user.html		\
 	sudorule-details-general.html	\
 	sudorule-group-dialog.html	\
 	sudorule-host-dialog.html	\
diff --git a/install/static/layouts/default/hbac-details-accesstime.html b/install/static/layouts/default/hbac-details-accesstime.html
deleted file mode 100755
index 8d5e258b..00000000
--- a/install/static/layouts/default/hbac-details-accesstime.html
+++ /dev/null
@@ -1,49 +0,0 @@
-<html>
-<head>
-    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
-    <title>When</title>
-
-    <link rel="stylesheet" type="text/css" href="jquery-ui.css" />
-    <link rel="stylesheet" type="text/css" href="ipa.css" />
-</head>
-<body>
-<div id="contents">
-    <span name="accesstime">
-        <span name="text">Rule applies when access is being requested at:</span>
-        <input type="radio" name="accesstime" value="all"/>Any Time
-        <input type="radio" name="accesstime" value=""/>Specified Times
-        <span name="undo" class="ui-state-highlight ui-corner-all" style="display: none;">undo</span>
-        <br/>
-
-        <span name="table">
-        <table class="search-table">
-        <thead>
-            <tr>
-                <th style="width: 25px;">
-                    <input type="checkbox" name="select"/>
-                </th>
-                <th>
-                    <span style="float: left;">Access Time</span>
-                    <span name="buttons" style="float: right;">
-                        <input type="button" name="remove" value="Remove Access Times"/>
-                        <input type="button" name="add" value="Add Access Times"/>
-                    </span>
-                </th>
-            </tr>
-        </thead>
-        <tbody>
-            <tr>
-                <td>
-                    <input type="checkbox" name="select" value="time"/>
-                </td>
-                <td>
-                    <span name="accesstime">time</span>
-                </td>
-            </tr>
-        </tbody>
-        </table>
-        </span>
-    </span>
-</div>
-</body>
-</html>
\ No newline at end of file
diff --git a/install/static/layouts/default/hbac-details-general.html b/install/static/layouts/default/hbac-details-general.html
deleted file mode 100755
index 97836909..00000000
--- a/install/static/layouts/default/hbac-details-general.html
+++ /dev/null
@@ -1,57 +0,0 @@
-<html>
-<head>
-    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
-    <title>General</title>
-
-    <link rel="stylesheet" type="text/css" href="jquery-ui.css" />
-    <link rel="stylesheet" type="text/css" href="ipa.css" />
-</head>
-<body>
-<div id="contents">
-    <table style="width: 100%; border: 0 solid black;">
-    <tr>
-        <td style="width: 100px; text-align: right;">
-            Name:
-        </td>
-        <td>
-            <span name="cn">
-                <input type="text" name="cn" size="30"/>
-                <span name="undo" class="ui-state-highlight ui-corner-all" style="display: none;">undo</span>
-            </span>
-        </td>
-        <td style="text-align: right;">
-            Rule type:
-            <span name="accessruletype">
-                <input type="radio" name="accessruletype" value="allow"/>Allow
-                <input type="radio" name="accessruletype" value="deny"/>Deny
-                <span name="undo" class="ui-state-highlight ui-corner-all" style="display: none;">undo</span>
-            </span>
-        </td>
-    </tr>
-    <tr>
-        <td style="text-align: right; vertical-align: top;">
-            Description:
-        </td>
-        <td colspan="2">
-            <span name="description">
-                <textarea name="description" rows="5" style="width: 100%;" cols="40"></textarea>
-                <span name="undo" class="ui-state-highlight ui-corner-all" style="display: none;">undo</span>
-            </span>
-        </td>
-    </tr>
-    <tr>
-        <td style="text-align: right; vertical-align: top;">
-            Rule status:
-        </td>
-        <td colspan="2">
-            <span name="ipaenabledflag">
-                <input type="radio" name="ipaenabledflag" value="TRUE"/>Active
-                <input type="radio" name="ipaenabledflag" value="FALSE"/>Inactive
-                <span name="undo" class="ui-state-highlight ui-corner-all" style="display: none;">undo</span>
-            </span>
-        </td>
-    </tr>
-    </table>
-</div>
-</body>
-</html>
diff --git a/install/static/layouts/default/hbac-details-host.html b/install/static/layouts/default/hbac-details-host.html
deleted file mode 100755
index 1ba386da..00000000
--- a/install/static/layouts/default/hbac-details-host.html
+++ /dev/null
@@ -1,78 +0,0 @@
-<html>
-<head>
-    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
-    <title>Accessing</title>
-
-    <link rel="stylesheet" type="text/css" href="jquery-ui.css" />
-    <link rel="stylesheet" type="text/css" href="ipa.css" />
-</head>
-<body>
-<div id="contents">
-    Rule applies when access is requested to:
-    <span name="hostcategory">
-        <input type="radio" name="hostcategory" value="all"/>Any Host
-        <input type="radio" name="hostcategory" value=""/>Specified Hosts and Groups
-        <span name="undo" class="ui-state-highlight ui-corner-all" style="display: none;">undo</span>
-    </span>
-    <br/>
-
-    <span name="memberhost_host">
-    <table class="search-table">
-    <thead>
-        <tr>
-            <th style="width: 25px;">
-                <input type="checkbox" name="select"/>
-            </th>
-            <th>
-                <span style="float: left;">Host</span>
-                <span name="buttons" style="float: right;">
-                    <input type="button" name="remove" value="Remove Hosts"/>
-                    <input type="button" name="add" value="Add Hosts"/>
-                </span>
-            </th>
-        </tr>
-    </thead>
-    <tbody>
-        <tr>
-            <td>
-                <input type="checkbox" name="select" value="host"/>
-            </td>
-            <td>
-                <span name="memberhost_host">host</span>
-            </td>
-        </tr>
-    </tbody>
-    </table>
-    </span>
-
-    <span name="memberhost_hostgroup">
-    <table class="search-table">
-    <thead>
-        <tr>
-            <th style="width: 25px;">
-                <input type="checkbox" name="select"/>
-            </th>
-            <th>
-                <span style="float: left;">Host Group</span>
-                <span name="buttons" style="float: right;">
-                    <input type="button" name="remove" value="Remove Host Groups"/>
-                    <input type="button" name="add" value="Add Host Groups"/>
-                </span>
-            </th>
-        </tr>
-    </thead>
-    <tbody>
-        <tr>
-            <td>
-                <input type="checkbox" name="select" value="hostgroups"/>
-            </td>
-            <td>
-                <span name="memberhost_hostgroup">hostgroups</span>
-            </td>
-        </tr>
-    </tbody>
-    </table>
-    </span>
-</div>
-</body>
-</html>
\ No newline at end of file
diff --git a/install/static/layouts/default/hbac-details-service.html b/install/static/layouts/default/hbac-details-service.html
deleted file mode 100755
index 77e8420d..00000000
--- a/install/static/layouts/default/hbac-details-service.html
+++ /dev/null
@@ -1,78 +0,0 @@
-<html>
-<head>
-    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
-    <title>Via Service</title>
-
-    <link rel="stylesheet" type="text/css" href="jquery-ui.css" />
-    <link rel="stylesheet" type="text/css" href="ipa.css" />
-</head>
-<body>
-<div id="contents">
-    Rule applies when access is requested via:
-    <span name="servicecategory">
-        <input type="radio" name="servicecategory" value="all"/>Any Service
-        <input type="radio" name="servicecategory" value=""/>Specified Services and Groups
-        <span name="undo" class="ui-state-highlight ui-corner-all" style="display: none;">undo</span>
-    </span>
-    <br/>
-
-    <span name="memberservice_hbacsvc">
-    <table class="search-table">
-    <thead>
-        <tr>
-            <th style="width: 25px;">
-                <input type="checkbox" name="select"/>
-            </th>
-            <th>
-                <span style="float: left;">Service</span>
-                <span name="buttons" style="float: right;">
-                    <input type="button" name="remove" value="Remove Services"/>
-                    <input type="button" name="add" value="Add Services"/>
-                </span>
-            </th>
-        </tr>
-    </thead>
-    <tbody>
-        <tr>
-            <td>
-                <input type="checkbox" name="select" value="service"/>
-            </td>
-            <td>
-                <span name="memberservice_hbacsvc">service</span>
-            </td>
-        </tr>
-    </tbody>
-    </table>
-    </span>
-
-    <span name="memberservice_hbacsvcgroup">
-    <table class="search-table">
-    <thead>
-        <tr>
-            <th style="width: 25px;">
-                <input type="checkbox" name="select"/>
-            </th>
-            <th>
-                <span style="float: left;">Service Group</span>
-                <span name="buttons" style="float: right;">
-                    <input type="button" name="remove" value="Remove Service Groups"/>
-                    <input type="button" name="add" value="Add Service Groups"/>
-                </span>
-            </th>
-        </tr>
-    </thead>
-    <tbody>
-        <tr>
-            <td>
-                <input type="checkbox" name="select" value="services"/>
-            </td>
-            <td>
-                <span name="memberservice_hbacsvcgroup">services</span>
-            </td>
-        </tr>
-    </tbody>
-    </table>
-    </span>
-</div>
-</body>
-</html>
\ No newline at end of file
diff --git a/install/static/layouts/default/hbac-details-sourcehost.html b/install/static/layouts/default/hbac-details-sourcehost.html
deleted file mode 100755
index aae1ef38..00000000
--- a/install/static/layouts/default/hbac-details-sourcehost.html
+++ /dev/null
@@ -1,78 +0,0 @@
-<html>
-<head>
-    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
-    <title>From</title>
-
-    <link rel="stylesheet" type="text/css" href="jquery-ui.css" />
-    <link rel="stylesheet" type="text/css" href="ipa.css" />
-</head>
-<body>
-<div id="contents">
-    Rule applies when access is being initiated from:
-    <span name="sourcehostcategory">
-        <input type="radio" name="sourcehostcategory" value="all"/>Any Host
-        <input type="radio" name="sourcehostcategory" value=""/>Specified Hosts and Groups
-        <span name="undo" class="ui-state-highlight ui-corner-all" style="display: none;">undo</span>
-    </span>
-    <br/>
-
-    <span name="sourcehost_host">
-    <table class="search-table">
-    <thead>
-        <tr>
-            <th style="width: 25px;">
-                <input type="checkbox" name="select"/>
-            </th>
-            <th>
-                <span style="float: left;">Host</span>
-                <span name="buttons" style="float: right;">
-                    <input type="button" name="remove" value="Remove Hosts"/>
-                    <input type="button" name="add" value="Add Hosts"/>
-                </span>
-            </th>
-        </tr>
-    </thead>
-    <tbody>
-        <tr>
-            <td>
-                <input type="checkbox" name="select" value="host"/>
-            </td>
-            <td>
-                <span name="sourcehost_host">host</span>
-            </td>
-        </tr>
-    </tbody>
-    </table>
-    </span>
-
-    <span name="sourcehost_hostgroup">
-    <table class="search-table">
-    <thead>
-        <tr>
-            <th style="width: 25px;">
-                <input type="checkbox" name="select"/>
-            </th>
-            <th>
-                <span style="float: left;">Host Group</span>
-                <span name="buttons" style="float: right;">
-                    <input type="button" name="remove" value="Remove Host Groups"/>
-                    <input type="button" name="add" value="Add Host Groups"/>
-                </span>
-            </th>
-        </tr>
-    </thead>
-    <tbody>
-        <tr>
-            <td>
-                <input type="checkbox" name="select" value="hosts"/>
-            </td>
-            <td>
-                <span name="sourcehost_hostgroup">hosts</span>
-            </td>
-        </tr>
-    </tbody>
-    </table>
-    </span>
-</div>
-</body>
-</html>
\ No newline at end of file
diff --git a/install/static/layouts/default/hbac-details-user.html b/install/static/layouts/default/hbac-details-user.html
deleted file mode 100755
index 1b58848f..00000000
--- a/install/static/layouts/default/hbac-details-user.html
+++ /dev/null
@@ -1,78 +0,0 @@
-<html>
-<head>
-    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
-    <title>Who</title>
-
-    <link rel="stylesheet" type="text/css" href="jquery-ui.css" />
-    <link rel="stylesheet" type="text/css" href="ipa.css" />
-</head>
-<body>
-<div id="contents">
-    Rule applies when access is requested by:
-    <span name="usercategory">
-        <input type="radio" name="usercategory" value="all"/>Anyone
-        <input type="radio" name="usercategory" value=""/>Specified Users and Groups
-        <span name="undo" class="ui-state-highlight ui-corner-all" style="display: none;">undo</span>
-    </span>
-    <br/>
-
-    <span name="memberuser_user">
-    <table class="search-table">
-    <thead>
-        <tr>
-            <th style="width: 25px;">
-                <input type="checkbox" name="select"/>
-            </th>
-            <th>
-                <span style="float: left;">User</span>
-                <span name="buttons" style="float: right;">
-                    <input type="button" name="remove" value="Remove Users"/>
-                    <input type="button" name="add" value="Add Users"/>
-                </span>
-            </th>
-        </tr>
-    </thead>
-    <tbody>
-        <tr>
-            <td>
-                <input type="checkbox" name="select" value="user"/>
-            </td>
-            <td>
-                <span name="memberuser_user">user</span>
-            </td>
-        </tr>
-    </tbody>
-    </table>
-    </span>
-
-    <span name="memberuser_group">
-    <table class="search-table">
-    <thead>
-        <tr>
-            <th style="width: 25px;">
-                <input type="checkbox" name="select"/>
-            </th>
-            <th>
-                <span style="float: left;">User Group</span>
-                <span name="buttons" style="float: right;">
-                    <input type="button" name="remove" value="Remove User Groups"/>
-                    <input type="button" name="add" value="Add User Groups"/>
-                </span>
-            </th>
-        </tr>
-    </thead>
-    <tbody>
-        <tr>
-            <td>
-                <input type="checkbox" name="select" value="users"/>
-            </td>
-            <td>
-                <span name="memberuser_group">users</span>
-            </td>
-        </tr>
-    </tbody>
-    </table>
-    </span>
-</div>
-</body>
-</html>
\ No newline at end of file
diff --git a/install/static/layouts/default/hbacrule-details-accesstime.html b/install/static/layouts/default/hbacrule-details-accesstime.html
new file mode 100755
index 00000000..8d5e258b
--- /dev/null
+++ b/install/static/layouts/default/hbacrule-details-accesstime.html
@@ -0,0 +1,49 @@
+<html>
+<head>
+    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
+    <title>When</title>
+
+    <link rel="stylesheet" type="text/css" href="jquery-ui.css" />
+    <link rel="stylesheet" type="text/css" href="ipa.css" />
+</head>
+<body>
+<div id="contents">
+    <span name="accesstime">
+        <span name="text">Rule applies when access is being requested at:</span>
+        <input type="radio" name="accesstime" value="all"/>Any Time
+        <input type="radio" name="accesstime" value=""/>Specified Times
+        <span name="undo" class="ui-state-highlight ui-corner-all" style="display: none;">undo</span>
+        <br/>
+
+        <span name="table">
+        <table class="search-table">
+        <thead>
+            <tr>
+                <th style="width: 25px;">
+                    <input type="checkbox" name="select"/>
+                </th>
+                <th>
+                    <span style="float: left;">Access Time</span>
+                    <span name="buttons" style="float: right;">
+                        <input type="button" name="remove" value="Remove Access Times"/>
+                        <input type="button" name="add" value="Add Access Times"/>
+                    </span>
+                </th>
+            </tr>
+        </thead>
+        <tbody>
+            <tr>
+                <td>
+                    <input type="checkbox" name="select" value="time"/>
+                </td>
+                <td>
+                    <span name="accesstime">time</span>
+                </td>
+            </tr>
+        </tbody>
+        </table>
+        </span>
+    </span>
+</div>
+</body>
+</html>
\ No newline at end of file
diff --git a/install/static/layouts/default/hbacrule-details-general.html b/install/static/layouts/default/hbacrule-details-general.html
new file mode 100755
index 00000000..97836909
--- /dev/null
+++ b/install/static/layouts/default/hbacrule-details-general.html
@@ -0,0 +1,57 @@
+<html>
+<head>
+    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
+    <title>General</title>
+
+    <link rel="stylesheet" type="text/css" href="jquery-ui.css" />
+    <link rel="stylesheet" type="text/css" href="ipa.css" />
+</head>
+<body>
+<div id="contents">
+    <table style="width: 100%; border: 0 solid black;">
+    <tr>
+        <td style="width: 100px; text-align: right;">
+            Name:
+        </td>
+        <td>
+            <span name="cn">
+                <input type="text" name="cn" size="30"/>
+                <span name="undo" class="ui-state-highlight ui-corner-all" style="display: none;">undo</span>
+            </span>
+        </td>
+        <td style="text-align: right;">
+            Rule type:
+            <span name="accessruletype">
+                <input type="radio" name="accessruletype" value="allow"/>Allow
+                <input type="radio" name="accessruletype" value="deny"/>Deny
+                <span name="undo" class="ui-state-highlight ui-corner-all" style="display: none;">undo</span>
+            </span>
+        </td>
+    </tr>
+    <tr>
+        <td style="text-align: right; vertical-align: top;">
+            Description:
+        </td>
+        <td colspan="2">
+            <span name="description">
+                <textarea name="description" rows="5" style="width: 100%;" cols="40"></textarea>
+                <span name="undo" class="ui-state-highlight ui-corner-all" style="display: none;">undo</span>
+            </span>
+        </td>
+    </tr>
+    <tr>
+        <td style="text-align: right; vertical-align: top;">
+            Rule status:
+        </td>
+        <td colspan="2">
+            <span name="ipaenabledflag">
+                <input type="radio" name="ipaenabledflag" value="TRUE"/>Active
+                <input type="radio" name="ipaenabledflag" value="FALSE"/>Inactive
+                <span name="undo" class="ui-state-highlight ui-corner-all" style="display: none;">undo</span>
+            </span>
+        </td>
+    </tr>
+    </table>
+</div>
+</body>
+</html>
diff --git a/install/static/layouts/default/hbacrule-details-host.html b/install/static/layouts/default/hbacrule-details-host.html
new file mode 100755
index 00000000..1ba386da
--- /dev/null
+++ b/install/static/layouts/default/hbacrule-details-host.html
@@ -0,0 +1,78 @@
+<html>
+<head>
+    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
+    <title>Accessing</title>
+
+    <link rel="stylesheet" type="text/css" href="jquery-ui.css" />
+    <link rel="stylesheet" type="text/css" href="ipa.css" />
+</head>
+<body>
+<div id="contents">
+    Rule applies when access is requested to:
+    <span name="hostcategory">
+        <input type="radio" name="hostcategory" value="all"/>Any Host
+        <input type="radio" name="hostcategory" value=""/>Specified Hosts and Groups
+        <span name="undo" class="ui-state-highlight ui-corner-all" style="display: none;">undo</span>
+    </span>
+    <br/>
+
+    <span name="memberhost_host">
+    <table class="search-table">
+    <thead>
+        <tr>
+            <th style="width: 25px;">
+                <input type="checkbox" name="select"/>
+            </th>
+            <th>
+                <span style="float: left;">Host</span>
+                <span name="buttons" style="float: right;">
+                    <input type="button" name="remove" value="Remove Hosts"/>
+                    <input type="button" name="add" value="Add Hosts"/>
+                </span>
+            </th>
+        </tr>
+    </thead>
+    <tbody>
+        <tr>
+            <td>
+                <input type="checkbox" name="select" value="host"/>
+            </td>
+            <td>
+                <span name="memberhost_host">host</span>
+            </td>
+        </tr>
+    </tbody>
+    </table>
+    </span>
+
+    <span name="memberhost_hostgroup">
+    <table class="search-table">
+    <thead>
+        <tr>
+            <th style="width: 25px;">
+                <input type="checkbox" name="select"/>
+            </th>
+            <th>
+                <span style="float: left;">Host Group</span>
+                <span name="buttons" style="float: right;">
+                    <input type="button" name="remove" value="Remove Host Groups"/>
+                    <input type="button" name="add" value="Add Host Groups"/>
+                </span>
+            </th>
+        </tr>
+    </thead>
+    <tbody>
+        <tr>
+            <td>
+                <input type="checkbox" name="select" value="hostgroups"/>
+            </td>
+            <td>
+                <span name="memberhost_hostgroup">hostgroups</span>
+            </td>
+        </tr>
+    </tbody>
+    </table>
+    </span>
+</div>
+</body>
+</html>
\ No newline at end of file
diff --git a/install/static/layouts/default/hbacrule-details-service.html b/install/static/layouts/default/hbacrule-details-service.html
new file mode 100755
index 00000000..77e8420d
--- /dev/null
+++ b/install/static/layouts/default/hbacrule-details-service.html
@@ -0,0 +1,78 @@
+<html>
+<head>
+    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
+    <title>Via Service</title>
+
+    <link rel="stylesheet" type="text/css" href="jquery-ui.css" />
+    <link rel="stylesheet" type="text/css" href="ipa.css" />
+</head>
+<body>
+<div id="contents">
+    Rule applies when access is requested via:
+    <span name="servicecategory">
+        <input type="radio" name="servicecategory" value="all"/>Any Service
+        <input type="radio" name="servicecategory" value=""/>Specified Services and Groups
+        <span name="undo" class="ui-state-highlight ui-corner-all" style="display: none;">undo</span>
+    </span>
+    <br/>
+
+    <span name="memberservice_hbacsvc">
+    <table class="search-table">
+    <thead>
+        <tr>
+            <th style="width: 25px;">
+                <input type="checkbox" name="select"/>
+            </th>
+            <th>
+                <span style="float: left;">Service</span>
+                <span name="buttons" style="float: right;">
+                    <input type="button" name="remove" value="Remove Services"/>
+                    <input type="button" name="add" value="Add Services"/>
+                </span>
+            </th>
+        </tr>
+    </thead>
+    <tbody>
+        <tr>
+            <td>
+                <input type="checkbox" name="select" value="service"/>
+            </td>
+            <td>
+                <span name="memberservice_hbacsvc">service</span>
+            </td>
+        </tr>
+    </tbody>
+    </table>
+    </span>
+
+    <span name="memberservice_hbacsvcgroup">
+    <table class="search-table">
+    <thead>
+        <tr>
+            <th style="width: 25px;">
+                <input type="checkbox" name="select"/>
+            </th>
+            <th>
+                <span style="float: left;">Service Group</span>
+                <span name="buttons" style="float: right;">
+                    <input type="button" name="remove" value="Remove Service Groups"/>
+                    <input type="button" name="add" value="Add Service Groups"/>
+                </span>
+            </th>
+        </tr>
+    </thead>
+    <tbody>
+        <tr>
+            <td>
+                <input type="checkbox" name="select" value="services"/>
+            </td>
+            <td>
+                <span name="memberservice_hbacsvcgroup">services</span>
+            </td>
+        </tr>
+    </tbody>
+    </table>
+    </span>
+</div>
+</body>
+</html>
\ No newline at end of file
diff --git a/install/static/layouts/default/hbacrule-details-sourcehost.html b/install/static/layouts/default/hbacrule-details-sourcehost.html
new file mode 100755
index 00000000..aae1ef38
--- /dev/null
+++ b/install/static/layouts/default/hbacrule-details-sourcehost.html
@@ -0,0 +1,78 @@
+<html>
+<head>
+    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
+    <title>From</title>
+
+    <link rel="stylesheet" type="text/css" href="jquery-ui.css" />
+    <link rel="stylesheet" type="text/css" href="ipa.css" />
+</head>
+<body>
+<div id="contents">
+    Rule applies when access is being initiated from:
+    <span name="sourcehostcategory">
+        <input type="radio" name="sourcehostcategory" value="all"/>Any Host
+        <input type="radio" name="sourcehostcategory" value=""/>Specified Hosts and Groups
+        <span name="undo" class="ui-state-highlight ui-corner-all" style="display: none;">undo</span>
+    </span>
+    <br/>
+
+    <span name="sourcehost_host">
+    <table class="search-table">
+    <thead>
+        <tr>
+            <th style="width: 25px;">
+                <input type="checkbox" name="select"/>
+            </th>
+            <th>
+                <span style="float: left;">Host</span>
+                <span name="buttons" style="float: right;">
+                    <input type="button" name="remove" value="Remove Hosts"/>
+                    <input type="button" name="add" value="Add Hosts"/>
+                </span>
+            </th>
+        </tr>
+    </thead>
+    <tbody>
+        <tr>
+            <td>
+                <input type="checkbox" name="select" value="host"/>
+            </td>
+            <td>
+                <span name="sourcehost_host">host</span>
+            </td>
+        </tr>
+    </tbody>
+    </table>
+    </span>
+
+    <span name="sourcehost_hostgroup">
+    <table class="search-table">
+    <thead>
+        <tr>
+            <th style="width: 25px;">
+                <input type="checkbox" name="select"/>
+            </th>
+            <th>
+                <span style="float: left;">Host Group</span>
+                <span name="buttons" style="float: right;">
+                    <input type="button" name="remove" value="Remove Host Groups"/>
+                    <input type="button" name="add" value="Add Host Groups"/>
+                </span>
+            </th>
+        </tr>
+    </thead>
+    <tbody>
+        <tr>
+            <td>
+                <input type="checkbox" name="select" value="hosts"/>
+            </td>
+            <td>
+                <span name="sourcehost_hostgroup">hosts</span>
+            </td>
+        </tr>
+    </tbody>
+    </table>
+    </span>
+</div>
+</body>
+</html>
\ No newline at end of file
diff --git a/install/static/layouts/default/hbacrule-details-user.html b/install/static/layouts/default/hbacrule-details-user.html
new file mode 100755
index 00000000..1b58848f
--- /dev/null
+++ b/install/static/layouts/default/hbacrule-details-user.html
@@ -0,0 +1,78 @@
+<html>
+<head>
+    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
+    <title>Who</title>
+
+    <link rel="stylesheet" type="text/css" href="jquery-ui.css" />
+    <link rel="stylesheet" type="text/css" href="ipa.css" />
+</head>
+<body>
+<div id="contents">
+    Rule applies when access is requested by:
+    <span name="usercategory">
+        <input type="radio" name="usercategory" value="all"/>Anyone
+        <input type="radio" name="usercategory" value=""/>Specified Users and Groups
+        <span name="undo" class="ui-state-highlight ui-corner-all" style="display: none;">undo</span>
+    </span>
+    <br/>
+
+    <span name="memberuser_user">
+    <table class="search-table">
+    <thead>
+        <tr>
+            <th style="width: 25px;">
+                <input type="checkbox" name="select"/>
+            </th>
+            <th>
+                <span style="float: left;">User</span>
+                <span name="buttons" style="float: right;">
+                    <input type="button" name="remove" value="Remove Users"/>
+                    <input type="button" name="add" value="Add Users"/>
+                </span>
+            </th>
+        </tr>
+    </thead>
+    <tbody>
+        <tr>
+            <td>
+                <input type="checkbox" name="select" value="user"/>
+            </td>
+            <td>
+                <span name="memberuser_user">user</span>
+            </td>
+        </tr>
+    </tbody>
+    </table>
+    </span>
+
+    <span name="memberuser_group">
+    <table class="search-table">
+    <thead>
+        <tr>
+            <th style="width: 25px;">
+                <input type="checkbox" name="select"/>
+            </th>
+            <th>
+                <span style="float: left;">User Group</span>
+                <span name="buttons" style="float: right;">
+                    <input type="button" name="remove" value="Remove User Groups"/>
+                    <input type="button" name="add" value="Add User Groups"/>
+                </span>
+            </th>
+        </tr>
+    </thead>
+    <tbody>
+        <tr>
+            <td>
+                <input type="checkbox" name="select" value="users"/>
+            </td>
+            <td>
+                <span name="memberuser_group">users</span>
+            </td>
+        </tr>
+    </tbody>
+    </table>
+    </span>
+</div>
+</body>
+</html>
\ No newline at end of file
diff --git a/install/static/test/data/hbac_add.json b/install/static/test/data/hbac_add.json
deleted file mode 100644
index 2a5d251b..00000000
--- a/install/static/test/data/hbac_add.json
+++ /dev/null
@@ -1,27 +0,0 @@
-{
-    "error": null,
-    "id": 0,
-    "result": {
-        "result": {
-            "accessruletype": [
-                "allow"
-            ],
-            "cn": [
-                "test"
-            ],
-            "dn": "ipauniqueid=f3e69e82-e3b411df-bfde9b13-2b28c216,cn=hbac,dc=dev,dc=example,dc=com",
-            "ipaenabledflag": [
-                "TRUE"
-            ],
-            "ipauniqueid": [
-                "f3e69e82-e3b411df-bfde9b13-2b28c216"
-            ],
-            "objectclass": [
-                "ipaassociation",
-                "ipahbacrule"
-            ]
-        },
-        "summary": null,
-        "value": "test"
-    }
-}
\ No newline at end of file
diff --git a/install/static/test/data/hbac_add_accesstime.json b/install/static/test/data/hbac_add_accesstime.json
deleted file mode 100644
index 3c631155..00000000
--- a/install/static/test/data/hbac_add_accesstime.json
+++ /dev/null
@@ -1,7 +0,0 @@
-{
-    "error": null,
-    "id": 0,
-    "result": {
-        "result": true
-    }
-}
diff --git a/install/static/test/data/hbac_add_host.json b/install/static/test/data/hbac_add_host.json
deleted file mode 100644
index 038d6aea..00000000
--- a/install/static/test/data/hbac_add_host.json
+++ /dev/null
@@ -1,56 +0,0 @@
-{
-    "error": null,
-    "id": 0,
-    "result": {
-        "completed": 2,
-        "failed": {
-            "memberhost": {
-                "host": [],
-                "hostgroup": []
-            }
-        },
-        "result": {
-            "accessruletype": [
-                "allow"
-            ],
-            "accesstime": [
-                "periodic daily 0800-1400",
-                "absolute 201012161032 ~ 201012161033"
-            ],
-            "cn": [
-                "test"
-            ],
-            "dn": "ipauniqueid=e8aca082-e64a11df-9864f2e0-e0578392,cn=hbac,dc=dev,dc=example,dc=com",
-            "ipaenabledflag": [
-                "TRUE"
-            ],
-            "memberhost_host": [
-                "dev.example.com"
-            ],
-            "memberhost_hostgroup": [
-                "production"
-            ],
-            "memberservice_hbacsvc": [
-                "ftp",
-                "sshd"
-            ],
-            "memberservice_hbacsvcgroup": [
-                "sudo"
-            ],
-            "memberuser_group": [
-                "admins",
-                "editors"
-            ],
-            "memberuser_user": [
-                "admin",
-                "test"
-            ],
-            "sourcehost_host": [
-                "dev.example.com"
-            ],
-            "sourcehost_hostgroup": [
-                "staging"
-            ]
-        }
-    }
-}
diff --git a/install/static/test/data/hbac_add_service.json b/install/static/test/data/hbac_add_service.json
deleted file mode 100644
index c658fe8b..00000000
--- a/install/static/test/data/hbac_add_service.json
+++ /dev/null
@@ -1,56 +0,0 @@
-{
-    "error": null,
-    "id": 0,
-    "result": {
-        "completed": 3,
-        "failed": {
-            "memberservice": {
-                "hbacsvc": [],
-                "hbacsvcgroup": []
-            }
-        },
-        "result": {
-            "accessruletype": [
-                "allow"
-            ],
-            "accesstime": [
-                "periodic daily 0800-1400",
-                "absolute 201012161032 ~ 201012161033"
-            ],
-            "cn": [
-                "test"
-            ],
-            "dn": "ipauniqueid=e8aca082-e64a11df-9864f2e0-e0578392,cn=hbac,dc=dev,dc=example,dc=com",
-            "ipaenabledflag": [
-                "TRUE"
-            ],
-            "memberhost_host": [
-                "dev.example.com"
-            ],
-            "memberhost_hostgroup": [
-                "production"
-            ],
-            "memberservice_hbacsvc": [
-                "ftp",
-                "sshd"
-            ],
-            "memberservice_hbacsvcgroup": [
-                "sudo"
-            ],
-            "memberuser_group": [
-                "admins",
-                "editors"
-            ],
-            "memberuser_user": [
-                "admin",
-                "test"
-            ],
-            "sourcehost_host": [
-                "dev.example.com"
-            ],
-            "sourcehost_hostgroup": [
-                "staging"
-            ]
-        }
-    }
-}
diff --git a/install/static/test/data/hbac_add_sourcehost.json b/install/static/test/data/hbac_add_sourcehost.json
deleted file mode 100644
index a657207f..00000000
--- a/install/static/test/data/hbac_add_sourcehost.json
+++ /dev/null
@@ -1,56 +0,0 @@
-{
-    "error": null,
-    "id": 0,
-    "result": {
-        "completed": 2,
-        "failed": {
-            "sourcehost": {
-                "host": [],
-                "hostgroup": []
-            }
-        },
-        "result": {
-            "accessruletype": [
-                "allow"
-            ],
-            "accesstime": [
-                "periodic daily 0800-1400",
-                "absolute 201012161032 ~ 201012161033"
-            ],
-            "cn": [
-                "test"
-            ],
-            "dn": "ipauniqueid=e8aca082-e64a11df-9864f2e0-e0578392,cn=hbac,dc=dev,dc=example,dc=com",
-            "ipaenabledflag": [
-                "TRUE"
-            ],
-            "memberhost_host": [
-                "dev.example.com"
-            ],
-            "memberhost_hostgroup": [
-                "production"
-            ],
-            "memberservice_hbacsvc": [
-                "ftp",
-                "sshd"
-            ],
-            "memberservice_hbacsvcgroup": [
-                "sudo"
-            ],
-            "memberuser_group": [
-                "admins",
-                "editors"
-            ],
-            "memberuser_user": [
-                "admin",
-                "test"
-            ],
-            "sourcehost_host": [
-                "dev.example.com"
-            ],
-            "sourcehost_hostgroup": [
-                "staging"
-            ]
-        }
-    }
-}
diff --git a/install/static/test/data/hbac_add_user.json b/install/static/test/data/hbac_add_user.json
deleted file mode 100644
index 0c4c976e..00000000
--- a/install/static/test/data/hbac_add_user.json
+++ /dev/null
@@ -1,56 +0,0 @@
-{
-    "error": null,
-    "id": 0,
-    "result": {
-        "completed": 3,
-        "failed": {
-            "memberuser": {
-                "group": [],
-                "user": []
-            }
-        },
-        "result": {
-            "accessruletype": [
-                "allow"
-            ],
-            "accesstime": [
-                "periodic daily 0800-1400",
-                "absolute 201012161032 ~ 201012161033"
-            ],
-            "cn": [
-                "test"
-            ],
-            "dn": "ipauniqueid=e8aca082-e64a11df-9864f2e0-e0578392,cn=hbac,dc=dev,dc=example,dc=com",
-            "ipaenabledflag": [
-                "TRUE"
-            ],
-            "memberhost_host": [
-                "dev.example.com"
-            ],
-            "memberhost_hostgroup": [
-                "production"
-            ],
-            "memberservice_hbacsvc": [
-                "ftp",
-                "sshd"
-            ],
-            "memberservice_hbacsvcgroup": [
-                "sudo"
-            ],
-            "memberuser_group": [
-                "admins",
-                "editors"
-            ],
-            "memberuser_user": [
-                "admin",
-                "test"
-            ],
-            "sourcehost_host": [
-                "dev.example.com"
-            ],
-            "sourcehost_hostgroup": [
-                "staging"
-            ]
-        }
-    }
-}
diff --git a/install/static/test/data/hbac_del.json b/install/static/test/data/hbac_del.json
deleted file mode 100644
index 2197a12c..00000000
--- a/install/static/test/data/hbac_del.json
+++ /dev/null
@@ -1,9 +0,0 @@
-{
-    "error": null,
-    "id": 0,
-    "result": {
-        "result": true,
-        "summary": null,
-        "value": "test"
-    }
-}
\ No newline at end of file
diff --git a/install/static/test/data/hbac_find.json b/install/static/test/data/hbac_find.json
deleted file mode 100644
index fd95d9f5..00000000
--- a/install/static/test/data/hbac_find.json
+++ /dev/null
@@ -1,54 +0,0 @@
-{
-    "error": null, 
-    "id": 0,
-    "result": {
-        "count": 2,
-        "result": [
-            {
-                "accessruletype": [
-                    "allow"
-                ], 
-                "cn": [
-                    "allow_all"
-                ], 
-                "description": [
-                    "Allow all users to access any host from any host"
-                ], 
-                "dn": "ipauniqueid=b7567b5a-e39311df-bfde9b13-2b28c216,cn=hbac,dc=dev,dc=example,dc=com",
-                "hostcategory": [
-                    "all"
-                ], 
-                "ipaenabledflag": [
-                    "TRUE"
-                ], 
-                "servicecategory": [
-                    "all"
-                ], 
-                "sourcehostcategory": [
-                    "all"
-                ], 
-                "usercategory": [
-                    "all"
-                ]
-            },
-            {
-                "accessruletype": [
-                    "allow"
-                ],
-                "accesstime": [
-                    "periodic daily 0800-1400",
-                    "absolute 201012161032 ~ 201012161033"
-                ],
-                "cn": [
-                    "test"
-                ],
-                "dn": "ipauniqueid=3b6d2a82-e3b511df-bfde9b13-2b28c216,cn=hbac,dc=dev,dc=example,dc=com",
-                "ipaenabledflag": [
-                    "TRUE"
-                ]
-            }
-        ], 
-        "summary": null, 
-        "truncated": false
-    }
-}
diff --git a/install/static/test/data/hbac_mod.json b/install/static/test/data/hbac_mod.json
deleted file mode 100644
index ea2b4d1e..00000000
--- a/install/static/test/data/hbac_mod.json
+++ /dev/null
@@ -1,60 +0,0 @@
-{
-    "error": null,
-    "id": 0,
-    "result": {
-        "result": {
-            "accessruletype": [
-                "allow"
-            ],
-            "attributelevelrights": {
-                "accessruletype": "rscwo",
-                "accesstime": "rscwo",
-                "aci": "rscwo",
-                "cn": "rscwo",
-                "description": "rscwo",
-                "externalhost": "rscwo",
-                "hostcategory": "rscwo",
-                "ipaenabledflag": "rscwo",
-                "ipauniqueid": "rsc",
-                "memberhost": "rscwo",
-                "memberservice": "rscwo",
-                "memberuser": "rscwo",
-                "nsaccountlock": "rscwo",
-                "servicecategory": "rscwo",
-                "sourcehost": "rscwo",
-                "sourcehostcategory": "rscwo",
-                "usercategory": "rscwo"
-            },
-            "cn": [
-                "test"
-            ],
-            "description": [
-                "Test HBAC rule."
-            ],
-            "hostcategory": [
-                "all"
-            ],
-            "ipaenabledflag": [
-                "TRUE"
-            ],
-            "ipauniqueid": [
-                "4ed8b682-edf511df-b3f78f4b-11cc007b"
-            ],
-            "objectclass": [
-                "ipaassociation",
-                "ipahbacrule"
-            ],
-            "servicecategory": [
-                "all"
-            ],
-            "sourcehostcategory": [
-                "all"
-            ],
-            "usercategory": [
-                "all"
-            ]
-        },
-        "summary": null,
-        "value": "test"
-    }
-}
diff --git a/install/static/test/data/hbac_remove_accesstime.json b/install/static/test/data/hbac_remove_accesstime.json
deleted file mode 100644
index 3c631155..00000000
--- a/install/static/test/data/hbac_remove_accesstime.json
+++ /dev/null
@@ -1,7 +0,0 @@
-{
-    "error": null,
-    "id": 0,
-    "result": {
-        "result": true
-    }
-}
diff --git a/install/static/test/data/hbac_remove_host.json b/install/static/test/data/hbac_remove_host.json
deleted file mode 100644
index 02f56ecd..00000000
--- a/install/static/test/data/hbac_remove_host.json
+++ /dev/null
@@ -1,50 +0,0 @@
-{
-    "error": null,
-    "id": 0,
-    "result": {
-        "completed": 2,
-        "failed": {
-            "memberhost": {
-                "host": [],
-                "hostgroup": []
-            }
-        },
-        "result": {
-            "accessruletype": [
-                "allow"
-            ],
-            "accesstime": [
-                "periodic daily 0800-1400",
-                "absolute 201012161032 ~ 201012161033"
-            ],
-            "cn": [
-                "test"
-            ],
-            "dn": "ipauniqueid=e8aca082-e64a11df-9864f2e0-e0578392,cn=hbac,dc=dev,dc=example,dc=com",
-            "ipaenabledflag": [
-                "TRUE"
-            ],
-            "memberservice_hbacsvc": [
-                "ftp",
-                "sshd"
-            ],
-            "memberservice_hbacsvcgroup": [
-                "sudo"
-            ],
-            "memberuser_group": [
-                "admins",
-                "editors"
-            ],
-            "memberuser_user": [
-                "admin",
-                "test"
-            ],
-            "sourcehost_host": [
-                "dev.example.com"
-            ],
-            "sourcehost_hostgroup": [
-                "staging"
-            ]
-        }
-    }
-}
diff --git a/install/static/test/data/hbac_remove_service.json b/install/static/test/data/hbac_remove_service.json
deleted file mode 100644
index f8b6b51a..00000000
--- a/install/static/test/data/hbac_remove_service.json
+++ /dev/null
@@ -1,49 +0,0 @@
-{
-    "error": null,
-    "id": 0,
-    "result": {
-        "completed": 3,
-        "failed": {
-            "memberservice": {
-                "hbacsvc": [],
-                "hbacsvcgroup": []
-            }
-        },
-        "result": {
-            "accessruletype": [
-                "allow"
-            ],
-            "accesstime": [
-                "periodic daily 0800-1400",
-                "absolute 201012161032 ~ 201012161033"
-            ],
-            "cn": [
-                "test"
-            ],
-            "dn": "ipauniqueid=e8aca082-e64a11df-9864f2e0-e0578392,cn=hbac,dc=dev,dc=example,dc=com",
-            "ipaenabledflag": [
-                "TRUE"
-            ],
-            "memberhost_host": [
-                "dev.example.com"
-            ],
-            "memberhost_hostgroup": [
-                "production"
-            ],
-            "memberuser_group": [
-                "admins",
-                "editors"
-            ],
-            "memberuser_user": [
-                "admin",
-                "test"
-            ],
-            "sourcehost_host": [
-                "dev.example.com"
-            ],
-            "sourcehost_hostgroup": [
-                "staging"
-            ]
-        }
-    }
-}
diff --git a/install/static/test/data/hbac_remove_sourcehost.json b/install/static/test/data/hbac_remove_sourcehost.json
deleted file mode 100644
index da32f76e..00000000
--- a/install/static/test/data/hbac_remove_sourcehost.json
+++ /dev/null
@@ -1,50 +0,0 @@
-{
-    "error": null,
-    "id": 0,
-    "result": {
-        "completed": 2,
-        "failed": {
-            "sourcehost": {
-                "host": [],
-                "hostgroup": []
-            }
-        },
-        "result": {
-            "accessruletype": [
-                "allow"
-            ],
-            "accesstime": [
-                "periodic daily 0800-1400",
-                "absolute 201012161032 ~ 201012161033"
-            ],
-            "cn": [
-                "test"
-            ],
-            "dn": "ipauniqueid=e8aca082-e64a11df-9864f2e0-e0578392,cn=hbac,dc=dev,dc=example,dc=com",
-            "ipaenabledflag": [
-                "TRUE"
-            ],
-            "memberhost_host": [
-                "dev.example.com"
-            ],
-            "memberhost_hostgroup": [
-                "production"
-            ],
-            "memberservice_hbacsvc": [
-                "ftp",
-                "sshd"
-            ],
-            "memberservice_hbacsvcgroup": [
-                "sudo"
-            ],
-            "memberuser_group": [
-                "admins",
-                "editors"
-            ],
-            "memberuser_user": [
-                "admin",
-                "test"
-            ]
-        }
-    }
-}
diff --git a/install/static/test/data/hbac_remove_user.json b/install/static/test/data/hbac_remove_user.json
deleted file mode 100644
index f25317e8..00000000
--- a/install/static/test/data/hbac_remove_user.json
+++ /dev/null
@@ -1,48 +0,0 @@
-{
-    "error": null,
-    "id": 0,
-    "result": {
-        "completed": 3,
-        "failed": {
-            "memberuser": {
-                "group": [],
-                "user": []
-            }
-        },
-        "result": {
-            "accessruletype": [
-                "allow"
-            ],
-            "accesstime": [
-                "periodic daily 0800-1400",
-                "absolute 201012161032 ~ 201012161033"
-            ],
-            "cn": [
-                "test"
-            ],
-            "dn": "ipauniqueid=e8aca082-e64a11df-9864f2e0-e0578392,cn=hbac,dc=dev,dc=example,dc=com",
-            "ipaenabledflag": [
-                "TRUE"
-            ],
-            "memberhost_host": [
-                "dev.example.com"
-            ],
-            "memberhost_hostgroup": [
-                "production"
-            ],
-            "memberservice_hbacsvc": [
-                "ftp",
-                "sshd"
-            ],
-            "memberservice_hbacsvcgroup": [
-                "sudo"
-            ],
-            "sourcehost_host": [
-                "dev.example.com"
-            ],
-            "sourcehost_hostgroup": [
-                "staging"
-            ]
-        }
-    }
-}
diff --git a/install/static/test/data/hbac_show.json b/install/static/test/data/hbac_show.json
deleted file mode 100644
index 2c0b64b3..00000000
--- a/install/static/test/data/hbac_show.json
+++ /dev/null
@@ -1,76 +0,0 @@
-{
-    "error": null,
-    "id": 0,
-    "result": {
-        "result": {
-            "accessruletype": [
-                "deny"
-            ],
-            "accesstime": [
-                "periodic daily 0800-1400",
-                "absolute 201012161032 ~ 201012161033"
-            ],
-            "attributelevelrights": {
-                "accessruletype": "rscwo",
-                "accesstime": "rscwo",
-                "aci": "rscwo",
-                "cn": "rscwo",
-                "description": "rscwo",
-                "externalhost": "rscwo",
-                "hostcategory": "rscwo",
-                "ipaenabledflag": "rscwo",
-                "ipauniqueid": "rsc",
-                "memberhost": "rscwo",
-                "memberservice": "rscwo",
-                "memberuser": "rscwo",
-                "nsaccountlock": "rscwo",
-                "servicecategory": "rscwo",
-                "sourcehost": "rscwo",
-                "sourcehostcategory": "rscwo",
-                "usercategory": "rscwo"
-            },
-            "cn": [
-                "test"
-            ],
-            "dn": "ipauniqueid=4ed8b682-edf511df-b3f78f4b-11cc007b,cn=hbac,dc=dev,dc=example,dc=com",
-            "ipaenabledflag": [
-                "TRUE"
-            ],
-            "ipauniqueid": [
-                "4ed8b682-edf511df-b3f78f4b-11cc007b"
-            ],
-            "memberhost_host": [
-                "dev.example.com"
-            ],
-            "memberhost_hostgroup": [
-                "production"
-            ],
-            "memberservice_hbacsvc": [
-                "ftp",
-                "sshd"
-            ],
-            "memberservice_hbacsvcgroup": [
-                "sudo"
-            ],
-            "memberuser_group": [
-                "editors"
-            ],
-            "memberuser_user": [
-                "admin",
-                "test"
-            ],
-            "objectclass": [
-                "ipaassociation",
-                "ipahbacrule"
-            ],
-            "sourcehost_host": [
-                "dev.example.com"
-            ],
-            "sourcehost_hostgroup": [
-                "staging"
-            ]
-        },
-        "summary": null,
-        "value": "test"
-    }
-}
diff --git a/install/static/test/data/hbacrule_add.json b/install/static/test/data/hbacrule_add.json
new file mode 100644
index 00000000..2a5d251b
--- /dev/null
+++ b/install/static/test/data/hbacrule_add.json
@@ -0,0 +1,27 @@
+{
+    "error": null,
+    "id": 0,
+    "result": {
+        "result": {
+            "accessruletype": [
+                "allow"
+            ],
+            "cn": [
+                "test"
+            ],
+            "dn": "ipauniqueid=f3e69e82-e3b411df-bfde9b13-2b28c216,cn=hbac,dc=dev,dc=example,dc=com",
+            "ipaenabledflag": [
+                "TRUE"
+            ],
+            "ipauniqueid": [
+                "f3e69e82-e3b411df-bfde9b13-2b28c216"
+            ],
+            "objectclass": [
+                "ipaassociation",
+                "ipahbacrule"
+            ]
+        },
+        "summary": null,
+        "value": "test"
+    }
+}
\ No newline at end of file
diff --git a/install/static/test/data/hbacrule_add_accesstime.json b/install/static/test/data/hbacrule_add_accesstime.json
new file mode 100644
index 00000000..3c631155
--- /dev/null
+++ b/install/static/test/data/hbacrule_add_accesstime.json
@@ -0,0 +1,7 @@
+{
+    "error": null,
+    "id": 0,
+    "result": {
+        "result": true
+    }
+}
diff --git a/install/static/test/data/hbacrule_add_host.json b/install/static/test/data/hbacrule_add_host.json
new file mode 100644
index 00000000..038d6aea
--- /dev/null
+++ b/install/static/test/data/hbacrule_add_host.json
@@ -0,0 +1,56 @@
+{
+    "error": null,
+    "id": 0,
+    "result": {
+        "completed": 2,
+        "failed": {
+            "memberhost": {
+                "host": [],
+                "hostgroup": []
+            }
+        },
+        "result": {
+            "accessruletype": [
+                "allow"
+            ],
+            "accesstime": [
+                "periodic daily 0800-1400",
+                "absolute 201012161032 ~ 201012161033"
+            ],
+            "cn": [
+                "test"
+            ],
+            "dn": "ipauniqueid=e8aca082-e64a11df-9864f2e0-e0578392,cn=hbac,dc=dev,dc=example,dc=com",
+            "ipaenabledflag": [
+                "TRUE"
+            ],
+            "memberhost_host": [
+                "dev.example.com"
+            ],
+            "memberhost_hostgroup": [
+                "production"
+            ],
+            "memberservice_hbacsvc": [
+                "ftp",
+                "sshd"
+            ],
+            "memberservice_hbacsvcgroup": [
+                "sudo"
+            ],
+            "memberuser_group": [
+                "admins",
+                "editors"
+            ],
+            "memberuser_user": [
+                "admin",
+                "test"
+            ],
+            "sourcehost_host": [
+                "dev.example.com"
+            ],
+            "sourcehost_hostgroup": [
+                "staging"
+            ]
+        }
+    }
+}
diff --git a/install/static/test/data/hbacrule_add_service.json b/install/static/test/data/hbacrule_add_service.json
new file mode 100644
index 00000000..c658fe8b
--- /dev/null
+++ b/install/static/test/data/hbacrule_add_service.json
@@ -0,0 +1,56 @@
+{
+    "error": null,
+    "id": 0,
+    "result": {
+        "completed": 3,
+        "failed": {
+            "memberservice": {
+                "hbacsvc": [],
+                "hbacsvcgroup": []
+            }
+        },
+        "result": {
+            "accessruletype": [
+                "allow"
+            ],
+            "accesstime": [
+                "periodic daily 0800-1400",
+                "absolute 201012161032 ~ 201012161033"
+            ],
+            "cn": [
+                "test"
+            ],
+            "dn": "ipauniqueid=e8aca082-e64a11df-9864f2e0-e0578392,cn=hbac,dc=dev,dc=example,dc=com",
+            "ipaenabledflag": [
+                "TRUE"
+            ],
+            "memberhost_host": [
+                "dev.example.com"
+            ],
+            "memberhost_hostgroup": [
+                "production"
+            ],
+            "memberservice_hbacsvc": [
+                "ftp",
+                "sshd"
+            ],
+            "memberservice_hbacsvcgroup": [
+                "sudo"
+            ],
+            "memberuser_group": [
+                "admins",
+                "editors"
+            ],
+            "memberuser_user": [
+                "admin",
+                "test"
+            ],
+            "sourcehost_host": [
+                "dev.example.com"
+            ],
+            "sourcehost_hostgroup": [
+                "staging"
+            ]
+        }
+    }
+}
diff --git a/install/static/test/data/hbacrule_add_sourcehost.json b/install/static/test/data/hbacrule_add_sourcehost.json
new file mode 100644
index 00000000..a657207f
--- /dev/null
+++ b/install/static/test/data/hbacrule_add_sourcehost.json
@@ -0,0 +1,56 @@
+{
+    "error": null,
+    "id": 0,
+    "result": {
+        "completed": 2,
+        "failed": {
+            "sourcehost": {
+                "host": [],
+                "hostgroup": []
+            }
+        },
+        "result": {
+            "accessruletype": [
+                "allow"
+            ],
+            "accesstime": [
+                "periodic daily 0800-1400",
+                "absolute 201012161032 ~ 201012161033"
+            ],
+            "cn": [
+                "test"
+            ],
+            "dn": "ipauniqueid=e8aca082-e64a11df-9864f2e0-e0578392,cn=hbac,dc=dev,dc=example,dc=com",
+            "ipaenabledflag": [
+                "TRUE"
+            ],
+            "memberhost_host": [
+                "dev.example.com"
+            ],
+            "memberhost_hostgroup": [
+                "production"
+            ],
+            "memberservice_hbacsvc": [
+                "ftp",
+                "sshd"
+            ],
+            "memberservice_hbacsvcgroup": [
+                "sudo"
+            ],
+            "memberuser_group": [
+                "admins",
+                "editors"
+            ],
+            "memberuser_user": [
+                "admin",
+                "test"
+            ],
+            "sourcehost_host": [
+                "dev.example.com"
+            ],
+            "sourcehost_hostgroup": [
+                "staging"
+            ]
+        }
+    }
+}
diff --git a/install/static/test/data/hbacrule_add_user.json b/install/static/test/data/hbacrule_add_user.json
new file mode 100644
index 00000000..0c4c976e
--- /dev/null
+++ b/install/static/test/data/hbacrule_add_user.json
@@ -0,0 +1,56 @@
+{
+    "error": null,
+    "id": 0,
+    "result": {
+        "completed": 3,
+        "failed": {
+            "memberuser": {
+                "group": [],
+                "user": []
+            }
+        },
+        "result": {
+            "accessruletype": [
+                "allow"
+            ],
+            "accesstime": [
+                "periodic daily 0800-1400",
+                "absolute 201012161032 ~ 201012161033"
+            ],
+            "cn": [
+                "test"
+            ],
+            "dn": "ipauniqueid=e8aca082-e64a11df-9864f2e0-e0578392,cn=hbac,dc=dev,dc=example,dc=com",
+            "ipaenabledflag": [
+                "TRUE"
+            ],
+            "memberhost_host": [
+                "dev.example.com"
+            ],
+            "memberhost_hostgroup": [
+                "production"
+            ],
+            "memberservice_hbacsvc": [
+                "ftp",
+                "sshd"
+            ],
+            "memberservice_hbacsvcgroup": [
+                "sudo"
+            ],
+            "memberuser_group": [
+                "admins",
+                "editors"
+            ],
+            "memberuser_user": [
+                "admin",
+                "test"
+            ],
+            "sourcehost_host": [
+                "dev.example.com"
+            ],
+            "sourcehost_hostgroup": [
+                "staging"
+            ]
+        }
+    }
+}
diff --git a/install/static/test/data/hbacrule_del.json b/install/static/test/data/hbacrule_del.json
new file mode 100644
index 00000000..2197a12c
--- /dev/null
+++ b/install/static/test/data/hbacrule_del.json
@@ -0,0 +1,9 @@
+{
+    "error": null,
+    "id": 0,
+    "result": {
+        "result": true,
+        "summary": null,
+        "value": "test"
+    }
+}
\ No newline at end of file
diff --git a/install/static/test/data/hbacrule_find.json b/install/static/test/data/hbacrule_find.json
new file mode 100644
index 00000000..fd95d9f5
--- /dev/null
+++ b/install/static/test/data/hbacrule_find.json
@@ -0,0 +1,54 @@
+{
+    "error": null, 
+    "id": 0,
+    "result": {
+        "count": 2,
+        "result": [
+            {
+                "accessruletype": [
+                    "allow"
+                ], 
+                "cn": [
+                    "allow_all"
+                ], 
+                "description": [
+                    "Allow all users to access any host from any host"
+                ], 
+                "dn": "ipauniqueid=b7567b5a-e39311df-bfde9b13-2b28c216,cn=hbac,dc=dev,dc=example,dc=com",
+                "hostcategory": [
+                    "all"
+                ], 
+                "ipaenabledflag": [
+                    "TRUE"
+                ], 
+                "servicecategory": [
+                    "all"
+                ], 
+                "sourcehostcategory": [
+                    "all"
+                ], 
+                "usercategory": [
+                    "all"
+                ]
+            },
+            {
+                "accessruletype": [
+                    "allow"
+                ],
+                "accesstime": [
+                    "periodic daily 0800-1400",
+                    "absolute 201012161032 ~ 201012161033"
+                ],
+                "cn": [
+                    "test"
+                ],
+                "dn": "ipauniqueid=3b6d2a82-e3b511df-bfde9b13-2b28c216,cn=hbac,dc=dev,dc=example,dc=com",
+                "ipaenabledflag": [
+                    "TRUE"
+                ]
+            }
+        ], 
+        "summary": null, 
+        "truncated": false
+    }
+}
diff --git a/install/static/test/data/hbacrule_mod.json b/install/static/test/data/hbacrule_mod.json
new file mode 100644
index 00000000..ea2b4d1e
--- /dev/null
+++ b/install/static/test/data/hbacrule_mod.json
@@ -0,0 +1,60 @@
+{
+    "error": null,
+    "id": 0,
+    "result": {
+        "result": {
+            "accessruletype": [
+                "allow"
+            ],
+            "attributelevelrights": {
+                "accessruletype": "rscwo",
+                "accesstime": "rscwo",
+                "aci": "rscwo",
+                "cn": "rscwo",
+                "description": "rscwo",
+                "externalhost": "rscwo",
+                "hostcategory": "rscwo",
+                "ipaenabledflag": "rscwo",
+                "ipauniqueid": "rsc",
+                "memberhost": "rscwo",
+                "memberservice": "rscwo",
+                "memberuser": "rscwo",
+                "nsaccountlock": "rscwo",
+                "servicecategory": "rscwo",
+                "sourcehost": "rscwo",
+                "sourcehostcategory": "rscwo",
+                "usercategory": "rscwo"
+            },
+            "cn": [
+                "test"
+            ],
+            "description": [
+                "Test HBAC rule."
+            ],
+            "hostcategory": [
+                "all"
+            ],
+            "ipaenabledflag": [
+                "TRUE"
+            ],
+            "ipauniqueid": [
+                "4ed8b682-edf511df-b3f78f4b-11cc007b"
+            ],
+            "objectclass": [
+                "ipaassociation",
+                "ipahbacrule"
+            ],
+            "servicecategory": [
+                "all"
+            ],
+            "sourcehostcategory": [
+                "all"
+            ],
+            "usercategory": [
+                "all"
+            ]
+        },
+        "summary": null,
+        "value": "test"
+    }
+}
diff --git a/install/static/test/data/hbacrule_remove_accesstime.json b/install/static/test/data/hbacrule_remove_accesstime.json
new file mode 100644
index 00000000..3c631155
--- /dev/null
+++ b/install/static/test/data/hbacrule_remove_accesstime.json
@@ -0,0 +1,7 @@
+{
+    "error": null,
+    "id": 0,
+    "result": {
+        "result": true
+    }
+}
diff --git a/install/static/test/data/hbacrule_remove_host.json b/install/static/test/data/hbacrule_remove_host.json
new file mode 100644
index 00000000..02f56ecd
--- /dev/null
+++ b/install/static/test/data/hbacrule_remove_host.json
@@ -0,0 +1,50 @@
+{
+    "error": null,
+    "id": 0,
+    "result": {
+        "completed": 2,
+        "failed": {
+            "memberhost": {
+                "host": [],
+                "hostgroup": []
+            }
+        },
+        "result": {
+            "accessruletype": [
+                "allow"
+            ],
+            "accesstime": [
+                "periodic daily 0800-1400",
+                "absolute 201012161032 ~ 201012161033"
+            ],
+            "cn": [
+                "test"
+            ],
+            "dn": "ipauniqueid=e8aca082-e64a11df-9864f2e0-e0578392,cn=hbac,dc=dev,dc=example,dc=com",
+            "ipaenabledflag": [
+                "TRUE"
+            ],
+            "memberservice_hbacsvc": [
+                "ftp",
+                "sshd"
+            ],
+            "memberservice_hbacsvcgroup": [
+                "sudo"
+            ],
+            "memberuser_group": [
+                "admins",
+                "editors"
+            ],
+            "memberuser_user": [
+                "admin",
+                "test"
+            ],
+            "sourcehost_host": [
+                "dev.example.com"
+            ],
+            "sourcehost_hostgroup": [
+                "staging"
+            ]
+        }
+    }
+}
diff --git a/install/static/test/data/hbacrule_remove_service.json b/install/static/test/data/hbacrule_remove_service.json
new file mode 100644
index 00000000..f8b6b51a
--- /dev/null
+++ b/install/static/test/data/hbacrule_remove_service.json
@@ -0,0 +1,49 @@
+{
+    "error": null,
+    "id": 0,
+    "result": {
+        "completed": 3,
+        "failed": {
+            "memberservice": {
+                "hbacsvc": [],
+                "hbacsvcgroup": []
+            }
+        },
+        "result": {
+            "accessruletype": [
+                "allow"
+            ],
+            "accesstime": [
+                "periodic daily 0800-1400",
+                "absolute 201012161032 ~ 201012161033"
+            ],
+            "cn": [
+                "test"
+            ],
+            "dn": "ipauniqueid=e8aca082-e64a11df-9864f2e0-e0578392,cn=hbac,dc=dev,dc=example,dc=com",
+            "ipaenabledflag": [
+                "TRUE"
+            ],
+            "memberhost_host": [
+                "dev.example.com"
+            ],
+            "memberhost_hostgroup": [
+                "production"
+            ],
+            "memberuser_group": [
+                "admins",
+                "editors"
+            ],
+            "memberuser_user": [
+                "admin",
+                "test"
+            ],
+            "sourcehost_host": [
+                "dev.example.com"
+            ],
+            "sourcehost_hostgroup": [
+                "staging"
+            ]
+        }
+    }
+}
diff --git a/install/static/test/data/hbacrule_remove_sourcehost.json b/install/static/test/data/hbacrule_remove_sourcehost.json
new file mode 100644
index 00000000..da32f76e
--- /dev/null
+++ b/install/static/test/data/hbacrule_remove_sourcehost.json
@@ -0,0 +1,50 @@
+{
+    "error": null,
+    "id": 0,
+    "result": {
+        "completed": 2,
+        "failed": {
+            "sourcehost": {
+                "host": [],
+                "hostgroup": []
+            }
+        },
+        "result": {
+            "accessruletype": [
+                "allow"
+            ],
+            "accesstime": [
+                "periodic daily 0800-1400",
+                "absolute 201012161032 ~ 201012161033"
+            ],
+            "cn": [
+                "test"
+            ],
+            "dn": "ipauniqueid=e8aca082-e64a11df-9864f2e0-e0578392,cn=hbac,dc=dev,dc=example,dc=com",
+            "ipaenabledflag": [
+                "TRUE"
+            ],
+            "memberhost_host": [
+                "dev.example.com"
+            ],
+            "memberhost_hostgroup": [
+                "production"
+            ],
+            "memberservice_hbacsvc": [
+                "ftp",
+                "sshd"
+            ],
+            "memberservice_hbacsvcgroup": [
+                "sudo"
+            ],
+            "memberuser_group": [
+                "admins",
+                "editors"
+            ],
+            "memberuser_user": [
+                "admin",
+                "test"
+            ]
+        }
+    }
+}
diff --git a/install/static/test/data/hbacrule_remove_user.json b/install/static/test/data/hbacrule_remove_user.json
new file mode 100644
index 00000000..f25317e8
--- /dev/null
+++ b/install/static/test/data/hbacrule_remove_user.json
@@ -0,0 +1,48 @@
+{
+    "error": null,
+    "id": 0,
+    "result": {
+        "completed": 3,
+        "failed": {
+            "memberuser": {
+                "group": [],
+                "user": []
+            }
+        },
+        "result": {
+            "accessruletype": [
+                "allow"
+            ],
+            "accesstime": [
+                "periodic daily 0800-1400",
+                "absolute 201012161032 ~ 201012161033"
+            ],
+            "cn": [
+                "test"
+            ],
+            "dn": "ipauniqueid=e8aca082-e64a11df-9864f2e0-e0578392,cn=hbac,dc=dev,dc=example,dc=com",
+            "ipaenabledflag": [
+                "TRUE"
+            ],
+            "memberhost_host": [
+                "dev.example.com"
+            ],
+            "memberhost_hostgroup": [
+                "production"
+            ],
+            "memberservice_hbacsvc": [
+                "ftp",
+                "sshd"
+            ],
+            "memberservice_hbacsvcgroup": [
+                "sudo"
+            ],
+            "sourcehost_host": [
+                "dev.example.com"
+            ],
+            "sourcehost_hostgroup": [
+                "staging"
+            ]
+        }
+    }
+}
diff --git a/install/static/test/data/hbacrule_show.json b/install/static/test/data/hbacrule_show.json
new file mode 100644
index 00000000..2c0b64b3
--- /dev/null
+++ b/install/static/test/data/hbacrule_show.json
@@ -0,0 +1,76 @@
+{
+    "error": null,
+    "id": 0,
+    "result": {
+        "result": {
+            "accessruletype": [
+                "deny"
+            ],
+            "accesstime": [
+                "periodic daily 0800-1400",
+                "absolute 201012161032 ~ 201012161033"
+            ],
+            "attributelevelrights": {
+                "accessruletype": "rscwo",
+                "accesstime": "rscwo",
+                "aci": "rscwo",
+                "cn": "rscwo",
+                "description": "rscwo",
+                "externalhost": "rscwo",
+                "hostcategory": "rscwo",
+                "ipaenabledflag": "rscwo",
+                "ipauniqueid": "rsc",
+                "memberhost": "rscwo",
+                "memberservice": "rscwo",
+                "memberuser": "rscwo",
+                "nsaccountlock": "rscwo",
+                "servicecategory": "rscwo",
+                "sourcehost": "rscwo",
+                "sourcehostcategory": "rscwo",
+                "usercategory": "rscwo"
+            },
+            "cn": [
+                "test"
+            ],
+            "dn": "ipauniqueid=4ed8b682-edf511df-b3f78f4b-11cc007b,cn=hbac,dc=dev,dc=example,dc=com",
+            "ipaenabledflag": [
+                "TRUE"
+            ],
+            "ipauniqueid": [
+                "4ed8b682-edf511df-b3f78f4b-11cc007b"
+            ],
+            "memberhost_host": [
+                "dev.example.com"
+            ],
+            "memberhost_hostgroup": [
+                "production"
+            ],
+            "memberservice_hbacsvc": [
+                "ftp",
+                "sshd"
+            ],
+            "memberservice_hbacsvcgroup": [
+                "sudo"
+            ],
+            "memberuser_group": [
+                "editors"
+            ],
+            "memberuser_user": [
+                "admin",
+                "test"
+            ],
+            "objectclass": [
+                "ipaassociation",
+                "ipahbacrule"
+            ],
+            "sourcehost_host": [
+                "dev.example.com"
+            ],
+            "sourcehost_hostgroup": [
+                "staging"
+            ]
+        },
+        "summary": null,
+        "value": "test"
+    }
+}
diff --git a/install/static/test/data/ipa_init.json b/install/static/test/data/ipa_init.json
index e399d808..3b3f2db7 100644
--- a/install/static/test/data/ipa_init.json
+++ b/install/static/test/data/ipa_init.json
@@ -3132,7 +3132,7 @@
                         ],
                         "uuid_attribute": "ipauniqueid"
                     },
-                    "hbac": {
+                    "hbacrule": {
                         "aciattrs": [
                             "accessruletype",
                             "accesstime",
@@ -3169,7 +3169,7 @@
                             ]
                         },
                         "bindable": false,
-                        "container_dn": "cn=hbac",
+                        "container_dn": "cn=hbacrules",
                         "default_attributes": [
                             "cn",
                             "accessruletype",
@@ -3208,7 +3208,7 @@
                             "remove_user",
                             "show"
                         ],
-                        "name": "hbac",
+                        "name": "hbacrule",
                         "object_class": [
                             "ipaassociation",
                             "ipahbacrule"
@@ -7833,7 +7833,7 @@
                     "container_configs": "cn=configs,cn=policies",
                     "container_dns": "cn=dns",
                     "container_group": "cn=groups,cn=accounts",
-                    "container_hbac": "cn=hbac",
+                    "container_hbacrule": "cn=hbacrules",
                     "container_hbacservice": "cn=hbacservices,cn=accounts",
                     "container_hbacservicegroup": "cn=hbacservicegroups,cn=accounts",
                     "container_host": "cn=computers,cn=accounts",
diff --git a/install/static/webui.js b/install/static/webui.js
index f17db8bc..964c8cf7 100644
--- a/install/static/webui.js
+++ b/install/static/webui.js
@@ -34,7 +34,7 @@ var admin_tab_set = [
     ]},
     {name:'policy', children:[
         {name:'dnszone', entity:'dnszone'},
-        {name:'hbac', entity:'hbac', children:[
+        {name:'hbacrule', entity:'hbacrule', children:[
             {name:'hbacsvc', entity:'hbacsvc'},
             {name:'hbacsvcgroup', entity:'hbacsvcgroup'}
         ]},
-- 
cgit